In the first article in this series, we discussed what zero trust security is and why it matters. In the second article, we talked about the benefits of zero trust network access. In this third installment, we will dive into using zero trust models within container security.
Containers carry many benefits for organizations, including better efficiency, quick deployment and scaling of applications, and fewer system requirements. However, these benefits come with significant costs and some challenges. Containers often rely on complicated networking, and with that comes a host of security challenges: weak firewalling, container image vulnerabilities, and risks around unauthorized access.
Is there a solution that can lessen the challenges security teams face while strengthening the perimeter around data and mitigating cybersecurity risks? Zero trust could be a great solution, and many organizations are turning toward it these days.
In the majority of traditional security environments, network complexity and the limitations of traditional firewalls pose the biggest risk to organizations. Too many connections within any network can cause certain hot spots to be overlooked. Further, traditional firewalls often do not do the best job of detecting and mitigating attacker activity, whether it originates inside or outside the network.
This is where zero trust security models can make the biggest difference. Since zero trust is built on a policy of not trusting anything or anyone, the policies around user access and workload identities help organizations to understand who is accessing what information, and what information is being transported throughout the network.
Since many enterprises no longer collect and store data in-house, the need for zero trust security models has become greater. Both on- and off-premises platforms and services now host data, and access to these applications comes from a range of different devices in various geographical locations. This leaves the traditional security model unfit to protect many organizations.
Containers manage networking in a number of ways. For example, Docker needed a way to connect containers to the outside network, and it used network address translation (NAT) to do that. NAT rewrites the network address information, hiding network complexity but making the true origin and destination of traffic more ambiguous than before. As a result, containers have IP addresses that differ from the host's IP.
Furthermore, the Docker subnet can be separated from the underlying network. In this case, container networks can freely migrate between different platforms. For example, primary services can run on-premises while extra containers run on Amazon Web Services (AWS). This allows organizations to run efficiently and have the right amount of bandwidth even when traffic is heavier, such as during the workday rather than after hours.
Bridging, on the other hand, is more open and visible. All containers act within the same network on a consistent IP address scheme, and the underlying network is completely visible to IT teams. While some endpoints are hosts and others are containers, containers can move between hosts with the full knowledge of the IT manager or IT team within an organization.
With overlay networks in use, containers can communicate efficiently and easily with other containers, creating a more distributed network. In this case, the entire infrastructure can move around to various hosts as load and performance demands require.
While container networking is very customizable, its complexity makes policies around firewalls and other more traditional security perimeters very hard to create.
There is usually agreement about what an organization’s security policies are, but less so about how to actually enforce them across multiple environments. According to the Cloud Security Alliance’s 2021 “State of Cloud Security Risk, Compliance, and Misconfigurations,” only 30% of organizations have IT operations, development, and security teams that are aligned regarding what their security policies are and how to enforce them with DevSecOps. Zero Trust policies offer the promise of more consistent enforcement, but that will also require agreement among various teams.
Consider an attacker who wants access to a secure database behind a host, with only a firewall in place. From the firewall's point of view, all that is visible is the packet arriving from the host's side. The host has been granted permission, the machine is trusted, and so the packet is let through. The attacker can then move across the network and get closer to their target, encrypting data or exfiltrating it.
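To make the trust-the-machine problem concrete, here is an added Python illustration (not code from the article) of the two policy styles side by side: an address-based firewall rule looking at NAT'd container traffic, and a zero trust check keyed on workload identity and action. The host address, service name and SPIFFE-style identities are constructed, and the identity is assumed to have been verified by the transport layer (for example mTLS) before the check runs.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed scenario (not from the article): two containers on one Docker
# host. Docker NATs their outbound traffic, so the database-side firewall
# sees both of them arriving from the host address 10.0.1.20.
HOST_IP = "10.0.1.20"

@dataclass(frozen=True)
class Flow:
    src_ip: str                 # address the database-side firewall observes
    workload_id: Optional[str]  # identity verified by mTLS before policy runs; None if absent
    dst_service: str
    action: str

# Traditional perimeter rule: "trust this machine" by source address.
FIREWALL_ALLOW = [(ip_network("10.0.1.20/32"), "payments-db")]

def firewall_allows(flow: Flow) -> bool:
    return any(ip_address(flow.src_ip) in net and flow.dst_service == svc
               for net, svc in FIREWALL_ALLOW)

# Zero trust rule: decisions key on a verified workload identity and the
# specific action, never on where the packet appears to come from.
ZT_POLICY = {
    ("spiffe://example.internal/prod/web-app", "payments-db"): {"read"},
}

def zero_trust_allows(flow: Flow) -> bool:
    if flow.workload_id is None:          # unidentified callers are denied
        return False
    allowed = ZT_POLICY.get((flow.workload_id, flow.dst_service), set())
    return flow.action in allowed

WEB_APP = "spiffe://example.internal/prod/web-app"
SIBLING = "spiffe://example.internal/prod/log-shipper"
SAMPLE_FLOWS = [
    Flow(HOST_IP, WEB_APP, "payments-db", "read"),   # intended caller
    Flow(HOST_IP, SIBLING, "payments-db", "read"),   # sibling container, same NAT'd IP
    Flow(HOST_IP, WEB_APP, "payments-db", "dump"),   # right identity, unapproved action
    Flow(HOST_IP, None, "payments-db", "read"),      # no identity presented
    Flow("10.0.2.7", None, "payments-db", "read"),   # outside the trusted host
]

def evaluate(flows):
    """Return (firewall_decision, zero_trust_decision) for each flow."""
    return [(firewall_allows(f), zero_trust_allows(f)) for f in flows]

if __name__ == "__main__":
    for f, (fw, zt) in zip(SAMPLE_FLOWS, evaluate(SAMPLE_FLOWS)):
        print(f"{f.src_ip:10} {str(f.workload_id):42} {f.action:5} firewall={fw!s:5} zero_trust={zt}")
```

Every flow from the trusted host passes the address rule, including the sibling container and the unapproved action; only the identity-and-action check distinguishes them.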
Organizations can build a traditional security framework with firewalls and adopt a zero trust security model to ensure containers and microservices are connected and communicating. In this case, zero trust is developed with several principles in mind.
Establishing safety and security guidelines allows containers to run in a multi-cloud environment, and the underlying infrastructure can enforce the security controls alongside the containers. Cloud-based and container-based applications will continue to drive interest in zero trust network access.
As a rule, security teams and IT leaders must enforce consistent security controls across applications, networks, and platforms. Establishing a method to secure access to containers is more critical today than ever, as firewalls alone simply aren't enough to keep up with changes to a container's network IP.