3 myths about container security

Written by:
Leah Johnston
Date Posted:
22 January 2020
Category:
Containers

Separating fact from fiction

Container growth
Containers are proven to be a useful tool to quickly package and deploy application components at scale and are becoming an increasingly popular choice for both startups and larger enterprises. With benefits such as improving development speed, production consistency, and lowering costs by utilising resources more efficiently, containers are making their mark on developers and engineers.

In fact, Gartner has predicted that 70% of companies will have more than two containerised applications in place by 2023. This rapid growth means that the unique security measures for containers are not yet as widely recognised, or perhaps even understood – which can lead to misconceptions. Let’s shine a light on some common container myths:

#1: Containers are innately insecure
Containers were developed to solve an application deployment problem – something they do very well – but yet an astonishing 88% of respondents in the DevSecOps survey are concerned about container security.

Containers can be deemed a security tool on their own, by inherently offering more techniques to secure your applications – for example providing faster, safer mechanisms for software patching compared to traditional systems like VMs.

Certain security processes and capabilities can come built into the container platform already, such as the principle of least privilege orchestration. This is where isolation is established by default, whereby restricting the visibility of the container and limiting its communications with unnecessary resources secures both the applications and the containers.

#2: Containers are less secure than VMs
The container vs. VM debate seems to be a hot topic, but whilst there are arguments for both sides, it is impossible to say one is less or more secure than the other – it’s a matter of opinion depending on how the platform is used.

Containerised environments have many more layers of abstraction that require specialized tools to interpret, monitor, and protect these new applications. Developers have designed containers to encase such applications, which instantly adds another layer of security.

On the other hand, containers run on the Operating System (OS) – which could leave you vulnerable to any OS security flaws. With a shared OS, flaws at any point in the application, container, and OS implementation stack can invalidate the security of the entire stack and compromise the physical machine.

James Bottomley, a top Linux kernel developer thinks that, for the most severe security problems, containers and VMs have about the same level of security. He commented, “It is perfectly possible to have containers that are more secure than hypervisors and lays to rest, finally, the arguments about which is the more secure technology.”

#3: Compliance is difficult with containers
In fact, quite the opposite is true – container compliance is simple. By using policies that allow you to predetermine an infrastructure that you can audit easily, you can apply and review these policies across machine clusters, scaling auditing capabilities and visibility. This enables policy-based automation of access control rules that adhere to government and industry regulations. 

Using these policies, organisations are able to implement the security of golden images – a template for a VM, virtual desktop, server or hard disk drive. These images are sourced from private repositories and are scanned regardless of scale – an approach that negates human error and vulnerabilities that would result in noncompliance. 

Slaying the myths
Containers make it easy to build, package and promote applications and services, and the concept that containers are not secure is simply untrue. However, it is unsurprising in a world of steadily increasing cybercrime that organisations are hesitant to trust complex technologies or move away from what they know.

Are you interested in container hosting? Get in touch with our friendly sales team on 0800 612 2524 or email sales@hyve.com

Rating: 5.0/5. From 1 vote.
Please wait...

Recommended Videos

Find out why Safestore adopted Hyve as their hosting provider

Case Studies


Hyve are 100% carbon neutral. We use carbon offsetting to balance out the release of carbon dioxide from our offices and infrastructure.