Containers and microservices complicate cloud-native security

http://www.theserverside.com/feature/Containers-and-microservices-complicate-cloud-native-security?utm_campaign=Black%20Duck%20Press&utm_content=60709505&utm_medium=social&utm_source=facebook

Developing applications with microservices and containers may be a modern approach to software design, but traditional software flaws still remain a problem when addressing cloud-native security.

When you think about microservices-architected applications, there is a wide range of opinions about what that term actually means.

In this age of DevOps and cloud-native development, the software stack is more complex than ever, and when code is distributed across a multitude of microservices and layered upon multiple virtual machines (VMs) and Docker containers, security holes can be difficult to identify. “The complexity of the application is a major challenge to any development staff,”

A minimally built container can be far more secure than a full-blown VM. Container orchestration tools are making it easier than ever to enforce cloud-native security by rolling out updates to each Docker instance.

9 Comments

  1. Tomi Engdahl says:

    Why serverless computing makes Linux more relevant than ever
    https://www.techrepublic.com/article/why-serverless-computing-makes-linux-more-relevant-than-ever/

    As developers focus more on functions than underlying infrastructure, that infrastructure remains more important than ever before

    Despite the rise of cloud computing, containers, and a zillion other things that superficially seem destined to pulverize the operating system, Linux (and Windows) keep chugging away. In fact, if anything, the OS has become more relevant than ever. How did this happen?

    Everything about the cloud seems like it should be a major downer for the OS. Most recently, serverless computing has gained momentum, with developers increasingly fixated on their application code without much thought to underlying operating systems.

    And yet…even in serverless land the OS remains critical, in large part because no enterprises are 100% invested in any one public cloud, not to mention the reality that all enterprises of any scale have acres of legacy infrastructure sitting around.

  2. Tomi Engdahl says:

    How to solve the challenges of creating automated tests for microservices
    http://www.electronics-know-how.com/article/2614/2614

    As an architecture for building complex systems, microservices is gaining significant traction within the development community. Especially applications that share challenges related to dependencies and scaling can benefit greatly from it. Microservices adoption is on the rise, but so are the struggles associated with understanding how to test microservices.

    Toby Clemson from ThoughtWorks has done a great job of enumerating testing strategies that you might want to employ in a microservices architecture.

  3. Tomi Engdahl says:

    Container Escape Hack Targets Vulnerable Linux Kernel
    https://threatpost.com/container-escape-hack-targets-vulnerable-linux-kernel/142407/

    A proof-of-concept hack allows adversaries to tweak old exploits, have code jump containers and attack underlying infrastructure.

  4. Tomi Engdahl says:

    Microsoft launches new open-source projects around Kubernetes and microservices
    https://techcrunch.com/2019/10/16/microsoft-launches-new-open-source-projects-around-kubernetes-and-microservices/

    Microsoft today announced two new open-source projects: Dapr, a portable, event-driven runtime that takes some of the complexity out of building microservices, and the Open Application Model (OAM), a specification that allows developers to define the resources their applications need to run on Kubernetes clusters and which Microsoft developed in cooperation with Alibaba Cloud.

  5. Tomi Engdahl says:

    A Security Reminder: Containers Talk to Each Other and Other Endpoints

    https://pentestmag.com/a-security-reminder-containers-talk-to-each-other-and-other-endpoints/

    #pentest #magazine #pentestmag #pentestblog #PTblog #container #endpoint #security #cybersecurity #infosecurity #infosec

  6. Tomi Engdahl says:

    Grype is a Go-based tool to assist you with container and package security; it supports Docker and OCI image formats and also packages from major OS distributions (Alpine, BusyBox, Debian, CentOS, Ubuntu) and certain programming language-specific packages (Ruby, Java, Python). https://www.darknet.org.uk/2021/04/grype-vulnerability-scanner-for-container-images-filesystems/

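A scanner such as the one mentioned in the comment above is only useful if its findings actually stop a bad image from shipping. The script below is an added example, not code from the page or from the Grype project: it takes a JSON report modelled on the shape of a `grype -o json` result (the field names `matches[].vulnerability.id/severity/fix` and `matches[].artifact` are an assumption about that format), applies a severity threshold, optionally skips findings with no upstream fix, and honours an allowlist of accepted-risk identifiers. The report, package names and CVE identifiers embedded in it are constructed placeholders.

```python
"""Fail a CI job on a Grype-style vulnerability report (added example)."""
import json

# Grype severities, lowest to highest. A severity not in this table
# (e.g. "Unknown") is treated as blocking, the conservative choice.
SEVERITY_RANK = {"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample modelled on the shape of a `grype -o json` report.
# The field names are an assumption about that format; package names and
# CVE identifiers are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical",
                           "fix": {"state": "fixed", "versions": ["1.2.4"]}},
         "artifact": {"name": "libplaceholder", "version": "1.2.3", "type": "deb"}},
        {"vulnerability": {"id": "CVE-0000-0002", "severity": "Medium",
                           "fix": {"state": "fixed", "versions": ["2.0.1"]}},
         "artifact": {"name": "placeholder-gem", "version": "2.0.0", "type": "gem"}},
        {"vulnerability": {"id": "CVE-0000-0003", "severity": "High",
                           "fix": {"state": "not-fixed", "versions": []}},
         "artifact": {"name": "placeholder-py", "version": "0.9", "type": "python"}},
        {"vulnerability": {"id": "CVE-0000-0004", "severity": "Unknown",
                           "fix": {"state": "wont-fix", "versions": []}},
         "artifact": {"name": "placeholder-jar", "version": "3.1", "type": "java-archive"}},
    ]
})


def parse_report(report_json):
    """Flatten the report into one dict per finding; tolerate missing keys."""
    findings = []
    for match in json.loads(report_json).get("matches", []):
        vuln = match.get("vulnerability", {})
        art = match.get("artifact", {})
        fix = vuln.get("fix") or {}
        findings.append({
            "id": vuln.get("id", "?"),
            "severity": vuln.get("severity", "Unknown"),
            "fixed": fix.get("state") == "fixed",
            "fix_versions": fix.get("versions") or [],
            "package": f"{art.get('name', '?')}@{art.get('version', '?')}",
        })
    return findings


def gate(findings, fail_on="High", ignore_unfixed=False, allowlist=()):
    """Return (passed, blocking) for a severity threshold.

    ignore_unfixed: skip findings with no upstream fix. This is a pragmatic
    choice, not a safe one; such findings should still be tracked elsewhere.
    allowlist: vulnerability ids accepted as known risk by a documented decision.
    """
    threshold = SEVERITY_RANK[fail_on.lower()]
    blocking = []
    for f in findings:
        if f["id"] in allowlist:
            continue
        if ignore_unfixed and not f["fixed"]:
            continue
        # An unrecognised severity is ranked at the threshold, so it blocks.
        rank = SEVERITY_RANK.get(f["severity"].lower(), threshold)
        if rank >= threshold:
            blocking.append(f)
    return (not blocking, blocking)


def summarize(blocking):
    """Human-readable lines for the CI log."""
    return [f"{f['severity']:<9} {f['id']} in {f['package']}"
            + (f" (fix: {', '.join(f['fix_versions'])})" if f["fix_versions"] else " (no fix)")
            for f in blocking]


if __name__ == "__main__":
    import sys
    passed, blocking = gate(parse_report(SAMPLE_REPORT), fail_on="High")
    print("\n".join(summarize(blocking)) or "no blocking findings")
    sys.exit(0 if passed else 1)
```

Run it as the last step of an image build: a non-zero exit fails the job. The allowlist exists so that an accepted risk is recorded as an explicit decision in the pipeline configuration rather than as a lowered threshold for everything.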
