Fidelis Cybersecurity
Fidelis Blog


What Recent Docker Updates Mean for Enterprise Security

Development teams have already bought into containerization as a way to quickly and efficiently create, distribute, and collaborate on apps and infrastructure. To wit, there have been over a billion downloads of Docker containers, so the agility inherent in modern containerization is clearly attractive. From a business perspective, the promise of Docker and similar containerization schemes is that the enterprise can maintain operational control without restricting developer productivity.

But more often than not, development teams aren’t building out infrastructure with security in mind — they’re just building. So where does this leave security teams?

Traditional security solutions simply do not work well with container-based architectures. Until recently the major enterprise security issues with Docker centered on the lack of support for per-container user namespaces (root inside a container was root on the host, so there was no user ID isolation) and the potential for container "sprawl" (masses of Docker images and containers existing at varying security patch levels).

In November, Docker announced several major security advancements, including support for user namespaces and image signing backed by hardware keys, which lets you verify both where an image comes from and that its contents have not been altered. Additionally, images hosted in the official Docker repositories can now be scanned for known vulnerabilities.

While these security improvements are a step in the right direction, they have to be turned on and used to provide any benefit: user namespace remapping is not enabled by default, and signature verification only protects you if it is enforced. And everyone should remain clear on the facts: the responsibility still falls upon individual enterprise security teams to ensure their companies are fully buttoned up. Avoiding exposure is a matter of making sure development teams are educated and that the proper controls are in place to enforce security policy.

The good thing is that containerization isn't new; it has just become wildly popular lately. And since the concept has been around for quite some time, there are established and regularly updated security best practices that simply need to be observed. Common guidelines include:

Perform regular security audits of your host system and containers
The notion of "audits" tends to trigger anxiety for lots of people, but an audit still beats getting hacked. To avoid exposure, perform regular security audits of both the host (daemon configuration, kernel and package patch levels, who can reach the Docker socket) and the containers running on it (image provenance, whether processes run as root, which capabilities and host mounts they were granted), identify any misconfigurations or vulnerabilities, and address them.

Monitor container usage, performance, and traffic
Visibility is preparation. If you systematically monitor container usage, performance, and traffic, you not only maximize efficiency, you also establish a baseline against which anomalous behavior (a container that suddenly opens outbound connections, or one that was never supposed to be running at all) stands out. Automate the collection and alerting; monitoring that depends on someone remembering to look is not monitoring.

Use a centralized and remote log collection service
If malefactors gain access to your local system, they can tamper with or remove log data stored there, and containers are ephemeral, so logs written inside a container disappear with it. Log data is essential for understanding what really happened in a containerized environment. Configure the Docker daemon, or each container, to ship logs to a centralized and remote log collection service rather than to local files.

Avoid container sprawl
Don't keep a large number of containers on the same host, and don't let stopped containers and unused images accumulate. Check your host's container inventory regularly, remove what is no longer needed, and make sure the same service is not running at several different patch levels. Keeping the inventory small and current minimizes the potential for mishandling and misconfiguration, and it makes the audits above tractable.
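The following script is an added example, not code from Fidelis or from the Docker project. It ties the four practices above together: it audits a container inventory for stopped containers and for images present at more than one version (the "sprawl" the text warns about), and it emits a daemon configuration that turns on user namespace remapping and ships every container's logs to a remote syslog collector. The inventory is a constructed sample in the same `ID IMAGE STATUS` shape that `docker ps -a --format '{{.ID}} {{.Image}} {{.Status}}'` produces, so the script runs offline; the collector hostname `logs.example.internal` is an assumption.

```shell
#!/bin/sh
# Container-sprawl audit and hardened daemon config. Added example, not
# Fidelis or Docker code. On a real host, replace the sample with:
#   docker ps -a --format '{{.ID}} {{.Image}} {{.Status}}' | stopped_containers
# Constructed sample inventory (not real container IDs):
SAMPLE_INVENTORY='a1b2c3 nginx:1.9.5 Up 3 days
d4e5f6 nginx:1.7.2 Exited (0) 4 weeks ago
0a1b2c redis:3.0 Up 2 hours
3d4e5f redis:2.8 Exited (137) 2 months ago
6a7b8c nginx:1.9.5 Up 1 day
9f8e7d postgres:9.4 Up 5 days'

# Read inventory lines on stdin; print IDs of containers that are not running.
# These are candidates for `docker rm` (or `docker container prune`).
stopped_containers() {
    awk '$3 != "Up" { print $1 }'
}

# Read inventory lines on stdin; print image repositories that exist on the
# host at more than one tag. The same service at several patch levels is the
# sprawl that makes patch status impossible to reason about.
mixed_version_images() {
    awk '{
        img = $2; tag = "latest"
        # Strip a trailing ":tag". A registry ":port" is followed by a slash,
        # so the anchored pattern does not match it.
        if (match(img, /:[^:\/]+$/)) {
            tag = substr(img, RSTART + 1)
            img = substr(img, 1, RSTART - 1)
        }
        seen[img SUBSEP tag] = 1
    }
    END {
        for (k in seen) { split(k, p, SUBSEP); n[p[1]]++ }
        for (r in n) if (n[r] > 1) print r
    }' | sort
}

# Print a /etc/docker/daemon.json that enables user namespace remapping (root
# in a container maps to an unprivileged host UID) and sends all container
# logs to a remote syslog collector instead of local files. The hostname is an
# assumption for this example. After restarting the daemon, verify with:
#   docker info --format '{{.SecurityOptions}}'   # should list name=userns
hardened_daemon_json() {
    cat <<'EOF'
{
  "userns-remap": "default",
  "log-driver": "syslog",
  "log-opts": {
    "syslog-address": "tcp://logs.example.internal:514",
    "tag": "{{.Name}}/{{.ID}}"
  }
}
EOF
}

# Stand-alone run: report on the sample inventory.
if [ "${AUDIT_DEMO:-1}" = "1" ]; then
    echo "Stopped containers:"
    printf '%s\n' "$SAMPLE_INVENTORY" | stopped_containers
    echo "Images present at more than one version:"
    printf '%s\n' "$SAMPLE_INVENTORY" | mixed_version_images
fi
```

Run it as-is to see the report for the sample; pipe real `docker ps -a` output into the two functions on a host. Stopped containers and duplicate versions are the first things an auditor should remove, because every extra image is another patch level you have to track, and the daemon configuration is what actually switches on the user namespace and remote logging features the post describes.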

Docker is stepping up to do its part in addressing security issues in the container model. And by combining the CIS Docker Benchmark with existing enterprise security fundamentals, businesses can let their dev teams embrace the agility and speed provided by containerization while their security teams ensure that critical assets are being protected.
