• Second report in series provides mitigation options for 18 possible risks surrounding integration of application containers into trustworthy, secure systems
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, recently released Best Practices for Implementing a Secure Application Container Architecture. Produced by the CSA’s Application Containers and Microservices Working Group, this paper is the second in a series of reports covering the securing of app containers and microservices and offers detailed recommendations and best practices to address the challenges laid out in the recently released Challenges in Securing Application Containers and Microservices.
Increasingly, enterprises are migrating to the cloud, and unsurprisingly, the number of stakeholders and their unique needs are growing at an exponential rate. Common ground is needed, then, to ensure that developers, operators, and architects are able to efficiently and effectively address the myriad components involved in application container architecture. Recognizing this, CSA is producing a series of white papers to facilitate secure migration to the cloud.
The paper was developed through extensive collaboration among a diverse group of participants with strong knowledge and practical experience in information security, operations, application containers, and microservices. Among the risks covered are: code promotion across environments, securing the host, container continuous monitoring from the platform/host, container networking, validating the integrity and security quality of the image, container forensics, trust chain through containers, container volume and secret management, platform and container management, and container encryption.
“Application containers and microservices architecture are being used to design, develop, and deploy applications, leveraging agile software development approaches such as development operations. Couple this with the fact that application containers and microservices have unique characteristics, each with distinct security ramifications based on the stakeholder, and it’s vital that security is embedded into the software development process,” said Andrew Wild, Container and Microservices Working Group Co-chair. “It’s CSA’s hope that this document will serve as a springboard for careful examination and discussion of how to best secure application containers.”
The Application Containers and Microservices Working Group, co-chaired by Anil Karmel, President of CSA DC Chapter’s Board, and Andrew Wild, industry Chief Information Security Officer, was established with the goal of conducting research on the security of application containers and microservices and publishing guidance and best practices for their secure use.