Traditional infrastructure came with a robust set of security tooling and best practices. The transition from servers and VMs to cloud native environments with containers and Kubernetes did not end the threat or impact of attacks or shift that responsibility to cloud providers. Instead, it brought a new and different set of security challenges and made the legacy tools obsolete. Learning what the security challenges are as well as the effective mitigation strategies they need, across cloud-based, containerized operations, is essential to protecting your business.

What we have come to appreciate is that both the types and extent of security practices that organizations need as they grow in their use of cloud technologies can be plotted along a curve. The curve defines the various stages an organization passes through on its journey from being a rank beginner to a highly sophisticated developer of containerized applications. We call this curve the Container Security Maturity Model. As you move along your container journey, the security requirements rise steeply. Use this as a guide to understand what stage you are in, evaluate your current security standing, and prepare to move into the next stage.

Stage 1: Learning about containers. Here, individuals learn the basics about containers using their own individual machines. It typically starts as a side project rather than an officially sanctioned one. Since this work is not destined for production rollout, there’s not much to get wrong in security, so you have no critical need for dedicated security tools.

Stage 2: Officially sanctioned projects. In this stage, someone’s Stage 1 learning exercise transitions into — or an entirely new effort becomes — an official project destined for production. It is a big step from Stage 1, which often involves just one individual; Stage 2 typically has a whole team working on the project. A private image registry is useful here to enforce policies concerning image scanning and access to images. Pods containing multiple containers come into play here, as does Kubernetes, which orchestrates those pods. Kubernetes brings its own vulnerabilities that require their own toolkit. As for security at this stage, you will want to revise and codify security policies to suit the needs of containerized applications. Automation tools that control configuration can also be a big plus at this stage. Kubernetes-native security tooling will already prove useful, although container-centric security tools could suffice for a time.
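One way to codify the "images come only from our private registry" policy described above is a Kubernetes ValidatingAdmissionPolicy. This is an added example, not part of the original article; it assumes Kubernetes 1.30 or later (where the admissionregistration.k8s.io/v1 API is available) and a hypothetical registry hostname, registry.example.internal.

```yaml
# Added example: deny any Pod whose containers pull from outside the private registry.
# The registry hostname is a placeholder; replace it with the organization's own.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: images-from-private-registry
spec:
  failurePolicy: Fail          # if the policy cannot be evaluated, reject rather than allow
  matchConstraints:
    resourceRules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["pods"]
  validations:
    # Every regular container must reference the private registry.
    - expression: >-
        object.spec.containers.all(c, c.image.startsWith('registry.example.internal/'))
      message: "containers may only use images from registry.example.internal"
    # Init containers are optional in the spec, so guard with has() before checking them.
    - expression: >-
        !has(object.spec.initContainers) ||
        object.spec.initContainers.all(c, c.image.startsWith('registry.example.internal/'))
      message: "initContainers may only use images from registry.example.internal"
---
# The binding activates the policy; Deny enforces it, Audit/Warn would only log or warn.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: images-from-private-registry
spec:
  policyName: images-from-private-registry
  validationActions: ["Deny"]
  matchResources:
    namespaceSelector:
      matchExpressions:
        # Exclude system namespaces whose images are managed by the platform team.
        - key: kubernetes.io/metadata.name
          operator: NotIn
          values: ["kube-system"]
```

Roll the binding out with `validationActions: ["Audit"]` first to see which existing workloads would be rejected, then switch to `Deny` once the team has migrated its images into the private registry.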

A Step-by-Step Approach to Cloud Native Security