This course focuses on container security and provides an introduction to what container security is, the areas that you need to focus on when working with container security, and how it differs from other security services and procedures.
- Recognize and explain the characteristics of container security
- Recognize and explain the importance of implementing container security at scale
This course has been designed for anyone who works with containers or with container services.
To get the most out of this course, you should be able to recognize and explain the following cloud concepts before starting this course:
- Container infrastructure and services
- An understanding of the DevOps methodology
- Principles of cloud security
- Security roles and policies
Hello and welcome to this lecture that will look at considerations when securing your containers that will scale as your container environment expands and contracts over time.
As we looked at in the previous lecture, there are a number of different characteristics to implementing security at a container level, which covered:
Build a Secure Base Image
Hard-coded, unmanaged secrets in images
Hardening your Host
Containers Complicate Compliance
The controls, procedures, and configurations that you have in place for your container security need to be able to have flexibility enabling it to work with your deployments over time, scaling with the demands put upon your infrastructure. Without this functionality, you will soon fall into a situation where your security configuration becomes quickly out of date and you leave your container environment exposed and vulnerable to threats.
The rate at which your containers change over time and scale can make securing them effectively throughout their lifecycle challenging, it’s one of the downsides of container security. So establishing a means by which you can build this scalability into your environment is essential with containerized applications and deployments and one of the key points of consideration when trying to define how to implement security at scale is to focus on automation. The benefits of being able to automate actions and tasks based on findings and events is huge, the less manual process involved the quicker and more reliable the remediation work of an incident or alert can be by following a set of defined procedures and processes.
By building a playbook of responses to incidents and alerts you receive or could expect to receive will allow you to standardize a response. Implementing automatic responses based on your procedures set out within the playbook will ensure the security alert or threat is dealt with immediately and effectively helping to minimize the risk. Regardless of how many containers you are running, the automation process can simply focus on events and so it scales with ease with your environment.
In essence, trying to scale your security without automation will be incredibly hard to do so, with this you should look to tools and services that can help provide this level of automatic scanning and identification across the different areas of container security. This takes much of the heavy lifting and time-consuming operational checks away from your teams freeing them up to focus on the business demands of your applications. For example, many products on the market today are able to offer features to help you with the following:
Whitelisted and Blacklisted Users and OS Packages.
User Activity Monitoring.
CIS Benchmarks Testing.
Custom Benchmark Scripts.
Compliance & Auditing.
Embedded CI/CD Scanning.
Trying to achieve this level of security manually at scale wouldn’t be possible, the automation of actions and tasks used by specialized toolsets will enable you to grow your container environment with ease with while safeguarding the entire lifecycle of your containers.
That brings me to the end of this lecture, coming up next I will summarize the key points from the previous two lectures.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 90+ courses relating to Cloud reaching over 100,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.