The adoption rate of containers is rising, especially in enterprise production environments. Fei Huang, CEO of NeuVector, points out five key trends that will guide the future direction of container security.
The Portworx industry report shows that as the mainstream orchestration platform ecosystem matures, the use of containers in production environments has doubled in the past year. At the same time, Kubernetes' dominance as the de facto container orchestration choice drives better standardization, simplifies upper-layer solutions such as storage and security, and reduces the vendor lock-in concerns that hinder implementation. These data points are well known in the industry.
Analysts say that container orchestration has also promoted cloud migration and the adoption of multi-cloud and hybrid cloud container deployments.
As one of the earliest container security providers, NeuVector was the first to see that the need to protect containers across the entire application lifecycle will continue to grow. Its CEO, Fei Huang, drew on his own industry insight to point out five key trends affecting current and future container security.
Trend 1: Attacks on container infrastructure are accelerating
The expansion of container deployment has been accompanied by an increase in attacks, as attackers' awareness and exploitation of key Kubernetes vulnerabilities have been growing. Reports of container vulnerabilities being exploited appear in the news constantly: a Kubernetes deployment was hijacked to introduce cryptocurrency mining containers into Tesla's public cloud, malicious containers were found in the Docker Hub public repository, and so on. This is a foreseeable side effect of success. Attacks will only become more common and complex. Container security needs to become a greater focus of enterprise and DevOps teams.
Trend 2: Security "policy as code" is becoming a reality
Kubernetes ConfigMaps and custom resource definitions (CRDs) make it possible to automate security products, configurations, and rules, and to integrate them into continuous integration/continuous delivery (CI/CD) and DevOps pipelines. The DevOps team can analyze application behavior and declare the security policies for all new workload deployments in standard YAML files, making the security integration process efficient and automated. Traditional security teams can also use the same tools to add global security policies to the environment and modernize their security operations to the cloud-native level.
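As an added illustration (not code from the original article or from NeuVector), the sketch below shows a CI gate that evaluates a workload manifest against a policy declared in a ConfigMap. The policy keys, registry name, and manifests are hypothetical and constructed for this example; the manifests are written as JSON, which Kubernetes also accepts, so that the script needs only the standard library.

```python
import json

# Hypothetical policy as it might sit in a ConfigMap's data field (constructed).
POLICY_CONFIGMAP = json.loads("""
{"apiVersion": "v1", "kind": "ConfigMap",
 "metadata": {"name": "workload-security-policy"},
 "data": {"allowedRegistries": "registry.example.internal/",
          "forbidPrivileged": "true", "requireRunAsNonRoot": "true",
          "forbidLatestTag": "true"}}
""")
# Constructed Deployment manifest that a pipeline is about to apply.
DEPLOYMENT = json.loads("""
{"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
 "spec": {"template": {"spec": {"containers": [
   {"name": "app", "image": "registry.example.internal/web:1.4.2",
    "securityContext": {"runAsNonRoot": true}},
   {"name": "debug", "image": "docker.io/library/busybox:latest",
    "securityContext": {"privileged": true}}
 ]}}}}
""")

def check_workload(manifest, policy_cm):
    """Return a list of policy violations for one workload manifest."""
    rules = policy_cm["data"]  # ConfigMap values are always strings
    on = lambda key: rules.get(key, "false") == "true"
    # Prefixes end in "/" so a look-alike host name cannot match.
    registries = [r for r in rules.get("allowedRegistries", "").split(",") if r]
    pod = manifest["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext", {})
    violations = []
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        sc, image, name = c.get("securityContext", {}), c["image"], c["name"]
        if registries and not any(image.startswith(r) for r in registries):
            violations.append(f"{name}: image {image} not from an allowed registry")
        # Tag is whatever follows ":" in the last path segment; digests count as pinned.
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if on("forbidLatestTag") and "@" not in image and tag in ("", "latest"):
            violations.append(f"{name}: image tag is unpinned")
        if on("forbidPrivileged") and sc.get("privileged", False):
            violations.append(f"{name}: privileged container")
        # A container-level runAsNonRoot overrides the pod-level setting.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        if on("requireRunAsNonRoot") and not non_root:
            violations.append(f"{name}: runAsNonRoot not set")
    return violations

if __name__ == "__main__":
    for v in check_workload(DEPLOYMENT, POLICY_CONFIGMAP):
        print("DENY", v)
```

A pipeline step would fail the build whenever the returned list is non-empty, so the policy file and the workload manifest are reviewed and versioned together.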
Trend 3: A security mesh embedded in the service mesh is gaining traction as a new strategy for protecting containerized environments
More and more companies are beginning to add a security mesh to the service mesh architecture as a new method of application-aware protection to thwart potential attacks. In their attempts to infiltrate container orchestration solutions, attackers have demonstrated unprecedentedly sophisticated methods that can bypass traditional network and host security products, driving demand for equally sophisticated security protection technology. As for Kubernetes and container API vulnerabilities, the situation is very clear: thwarting such attacks requires automated, real-time security intelligence and response.
Trend 4: Container security is expanding forward and backward
Companies have gradually realized the risks of bolting on container security measures at the end of application development, such as vulnerability to zero-day attacks, unknown exploits, and insider attacks, so they have begun moving security "forward", embedding it at the beginning of the cycle. Similarly, as companies and enterprises gradually increase the use of containers in production environments, security is also moving "backward" to better ensure the security of containers and orchestration platforms throughout the "build-release-run" life cycle.
Trend 5: Containers are driving cloud 2.0 migration
On the whole, hot technologies such as containerization and serverless computing, as well as the aforementioned service/security mesh and large-scale cross-cluster management, are showing companies and enterprises that their cloud infrastructure does not necessarily need to be virtual-machine-centric. Companies can rely more on services and data. Companies moving towards the so-called Cloud 2.0 are taking advantage of this new opportunity to introduce cloud features, from cloud-native security to networking to storage, which are designed to handle critical business requirements more dynamically and instantly.