Protecting Container Workloads With a Zero-Trust Strategy

Zero-trust security models are rising in popularity as arguably the most practical and logical approach for securing container environments. Whereas traditional reactive security models focus on maintaining firewalls and enforcing a ‘deny list’ of policies that block all known bad IP addresses and malicious software signatures, protecting container workloads calls for a more proactive stance. Microservices environments bring with them shared resources, dynamic IP addresses and containers that spin up and down as quickly as workloads require. This dynamic nature means anything short of real-time automated security is far too slow to recognize and mitigate threats before it’s already too late.

Implementing a proactive zero-trust security model enables enterprise teams to automatically protect container and Kubernetes environments from both known and unknown threats by maintaining policies constituting a list of allowed behaviors. Instead of a deny list, the zero-trust model leverages an allow list and blocks all unapproved network connections and processes in the environment by default, empowering teams to declaratively define application behavior and thwart attacks before they happen.

AWS Builder Community Hub

Protecting all Crucial Assets at Risk via Zero-Trust

A zero-trust security strategy should protect seven areas that represent an organization’s vital threat entry points: Users, devices, the network and environments, applications and workloads, visibility and analytics, automation and orchestration and data.

As a first step toward adopting a zero-trust model, identify the critical assets in each of these areas. Then, begin to capture low-hanging fruit when it comes to protecting users; for example, by introducing user identity management and multifactor authentication to secure user privileges. Protect devices, the network and environments by implementing protections such as security checks, environment-hardening configurations and network encryption. Leverage tools that can offer up deep visibility into the environment, so that container communications and protocols are known and the scope of active protections is clear. From this solid foundation, address application pipeline and workload security⁠⁠⁠—including how to safely deploy production-grade containers and implement microsegmentation⁠—and integrate zero-trust policies into the pipeline. Visibility and analytics of security events and logs offer valuable guidance for optimizing and improving protections. Finally, automation protections for the orchestration platform and data itself throughout the CI/CD pipeline are essential to zero-trust strategies and container security as a whole.

With all crucial assets under protection, look to introduce more advanced security configurations, such as data loss prevention (DLP), to safeguard sensitive information. While too often overlooked, it’s also critical to regularly review these security postures. This is especially true to continually meet your organization’s regulatory compliance obligations.

4 Security Best Practices for Protecting Assets With a Zero-Trust Model

Implement the following four security best practices for protecting your container workloads and get your migration to a zero-trust strategy off to a strong start.

1. Minimize attack surfaces

Reduce attack surfaces throughout container and Kubernetes environments by introducing vulnerability management across the CI/CD pipeline and the full application life cycle. Available tools can ensure that, for example, an application image that allows exploits will fail vulnerability scanning, and be rejected along with instructions for developers on how to harden the image before it can leave the build phase. By doing so, teams clean up security issues well before applications deploy into production. As part of adopting zero-trust policies that deny unexpected microservices communications and processes by default, enforce least privilege access to securely limit users to activities within the scope of their roles.

2. Ensure zero-trust security enforcement in real-time

While hardening attack surfaces and post-mortem log analysis have great value, the crux of a zero-trust security strategy requires practices that will enforce policies and block attacks at run-time as they occur. Zero-trust controls require that security teams move to a declarative, allow-list-based approach from a traditional deny-list-based approach. Hackers are intent on executing ransomware, cryptomining, and countless other attacks by escalating permissions via malware within dynamic container environments. These can only be stopped by denying access at a crucial moment.

Comprehensive security enforcement that’s able to inspect and block attacks at their first network entry eliminates larger threats down the road. A typical attack begins by entering public-facing microservices. Once it gets into the container and runs in secure container memory, it can flood usage of those resources and grow more dangerous from there. With true real-time security, it’s possible to defeat attacks the moment they arrive, and the sooner the better.

3. Provide continuous visibility and compliance

Once real-time security policy enforcement is in place, enable continuous visibility and compliance checks across your environments. Deep and continuous visibility into network behavior will allow instant recognition and responses to anomalies. For example, if a database container suddenly launches a process that isn’t the database service, you want security that knows and reacts right away. Continuous proactive compliance checks are the same story: A monitoring system should actively launch a targeted compliance check whenever an unanticipated network or process file system change occurs.

4. Make security transparent, easy to use and automated

Last⁠—but perhaps most important of all⁠—security must be automated for a zero-trust strategy to succeed. At the same time, security cannot hamper productivity. It must seamlessly integrate within pipeline workflows and backend analytics services while remaining transparent from a development perspective. By declaring allowed workload behavior earlier in the pipeline, even in development, zero-trust controls can be integrated with a security-as-code GitOps-type workflow. Security practices should be automated, managed and scaled in the same way as container workloads while keeping those workloads secure.

Zero-Trust Means Security That’s 100% Ready

By implementing these best practices and their related security functions, enterprises can pair the advantage of container environments with full application life cycle security that’s poised and ready to defeat any known or unknown threat the moment it arrives.

Join us for KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain (and virtual) from May 16-20—the first in-person European event in three years!

Avatar photo

Fei Huang

Fei Huang is the Vice President of Security Product Strategy at SUSE, a global leader in innovative, reliable and secure enterprise-grade open source solutions. Huang was previously a co-founder and the CSO of NeuVector, which SUSE acquired in 2021. He holds several patents in security, virtualization, and software architecture.

fei-huang has 1 posts and counting.See all posts by fei-huang