One of the greatest concerns associated with new technological advances is the understanding of security. As we approach an era of technological advancement, it has become increasingly important to create effective defenses against threats to data compromise. A major factor to preventing data compromise is the increase of security awareness. The 2017 Cyberthreat Defense Report reported increasing rates of poor security awareness among employees and management surveyed during the past 4 years.
In our recent report of Docker Security and Containerization, we mentioned Sol Lederman's top six concerns/limitations around container technology, and our focus was #2 on Sol's list: Security is a major concern.
As with the evolution of any new technology, the rise of containerization has and will continue to be a bumpy ride. End-users' understanding of container security is a critical factor in helping to reduce the number of potential data breaches. In many situations, developers prioritize the software development lifecycle over the emphasis on security which can leave vulnerabilities open and contribute to data breaches.
Especially when newer technology is introduced, such as Docker and the concept of containerization, users should be aware that the threat of data breaches is still present. Gretal Egan's analysis of various cybersecurity reports show the lack of employee training on cybersecurity and attacks on vulnerabilities from legacy or outdated systems have continued to be a problem to many companies.
Weakest Link = People
A common phrase you hear from many cybersecurity professionals is the weakest link in the security chain is often the people. Technology can be programmed and developed to quickly adapt to new security threats. Continuous monitoring, intrusion detection systems, and many other tools are available to mitigate these risks. People, however, are the most vulnerable and most likely to make mistakes. As noted by Redcode, the most recent example of an impactful mistake was the Amazon AWS outage that occurred in February. A simple error during the debugging process of Amazon S3 services by the engineer caused the accidental shutdown of multiple servers.
Jason Del Rey's comment of "One Mistake and the Whole Internet Suffers" was more than on point. This incident provides another example of the importance of accepting the inherent people-risk associated with technology.
Regardless of how smart a person is, a simple careless mistake can lead to an open exploit that adversaries will be actively searching for. Especially when newer technology is introduced, such as Docker and the concept of containerization, users should be aware the threat of data breaches is still present.
As many involved in security awareness programs have a technical background, there are some theories that those highly-specialized backgrounds suffer from a cognitive bias known as “curse of knowledge”. A widely-studied psychological phenomenon, the idea of creating an awareness for professionals in security is simple: they live the life of security and therefore it is assumed that it is simple for everyone else. The information that security professionals may communicate may be biased towards a target audience that they expect to be at the same level of knowledge as them. As an example - security professionals leading awareness training may ask other employees to use complex passwords that are 15 characters long and spend most of the time explaining why complex passwords are important while focusing less on tips and tricks on how to create complex passwords that the users who have not been exposed to this security culture can find less confusing.
Is all lost? Of course not. As Docker and container security is just beginning to be utilized by many organizations, the knowledge of potential risk must be acknowledged. Organizations should evaluate the effectiveness of current controls and implement Docker-specific controls to mitigate risks that may impact business objectives. In general, practicing good cyber hygiene and increasing transparency of the software development process in Docker will reduce the risk significantly.
CONTAINER RISK-MANAGEMENT RECOMMENDATIONS:
1. DEFINE a set of compliance policies covering both containers and host environment. These policies should be a part of the organization’s overall risk management program that addresses both industry compliance and application policies.
2. HARDEN the host environment based on Docker security benchmarks to ensure host environment is up-to-date.
3. CONFIGURE Docker daemon and containers properly; this includes access control, namespace configuration, and reducing attack surfaces.
4. MONITOR and keep track of changes made to each container by using version controls and configuration management tools.
5. AUDIT host systems and containers regularly to identify misconfigurations or vulnerabilities that could expose your system to compromises.
6. VERIFY the authenticity of the container image by only using images that come from legitimate sources.
CimTrak and Docker Security
For organizations exploring the containerization field as an option to increase the efficiency of software development, CimTrak is a solution that helps mitigate common attack vectors. The built-in features of CimTrak can serve as a supportive foundation of the security and integrity of data contained in containers.
The current attack vector on containers tries to exploit the architecture of the containers themselves. Being so close to the operating system itself, CimTrak is a great countermeasure to these attacks as it will continuously monitor the kernel level for any unauthorized access and differentiate between positive and negative changes.
September 19, 2017