Gartner says container-based apps are “more secure”


Gartner Inc. is advising security-conscious organizations to switch to a container-based app delivery model, saying the technology is more secure than having apps running on a bare OS.

Writing in the Gartner Blog Network, analyst Joerg Fritsch says that “Gartner asserts that applications deployed in containers are more secure than applications deployed on the bare OS”. He says this is the case because, even if one container is somehow compromised, containers “greatly limit the damage of a successful compromise because applications and users are isolated on a per-container basis so that they cannot compromise other containers or the host OS”.

Of course, Gartner admits containers are far from being tamper-proof. As Fritsch acknowledges in his post, containers are burdened with “innate security properties that make them vulnerable to kernel privilege escalation attacks”, which means they’re not necessarily “the right tool for high-risk-assurance isolation”.

Nonetheless, Fritsch believes that organizations can take advantage of the benefits afforded by Linux containers if they follow a “container-first” approach and “deploy internet-exposed applications in Docker containers with best-practice security whether or not you do CI/CD/DevOps.”

Still, organizations need to understand that containers are not a magical security solution by themselves. Docker containers need to be deployed correctly to take advantage of the security benefits they offer, which means hardening the host Docker runs on and making use of third-party container security solutions from companies like Aqua Security, CloudPassage, Twistlock and Weave. It’s also necessary to master logical security zoning and network isolation, as well as microservices routing, so that containers can talk to each other securely. Lastly, users will need a grip on kernel controls to make sure their containers have just the right level of access to the host’s kernel.

“In the Linux OS and in Linux containers, every system call is a direct interaction with the kernel,” Fritsch writes. He notes that this kernel is “the very same kernel that all segregation features depend on. System calls are a significant attack surface, where nothing must go wrong.”
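The “kernel controls” and the system-call attack surface described above are usually handled in Docker with a seccomp profile, passed at launch with `docker run --security-opt seccomp=profile.json`. The script below is an added example, not code from Gartner, Fritsch or the Docker project: it builds a deny-by-default profile in Docker’s documented JSON layout (`defaultAction`, `architectures`, `syscalls[].names` / `action`), resolves what the profile does for a given syscall, and audits a profile for the two mistakes a reviewer most often finds (an allow-by-default profile, and an allowlist that grants host-affecting syscalls). The baseline syscall list and the set of “risky” names are this example’s own constructed choices, not Docker’s default profile.

```python
"""Build, evaluate and audit a Docker seccomp profile (added example).

Docker loads a profile with:  docker run --security-opt seccomp=profile.json ...
The JSON keys used here are Docker's documented profile format; the
syscall lists are constructed for illustration, not Docker's defaults.
"""
import json

SCMP_ACT_ALLOW = "SCMP_ACT_ALLOW"
SCMP_ACT_ERRNO = "SCMP_ACT_ERRNO"

# Constructed minimal allowlist for a simple network service. A real
# profile is derived by tracing the application's actual syscalls.
BASELINE_SYSCALLS = [
    "read", "write", "openat", "close", "fstat", "mmap", "mprotect",
    "munmap", "brk", "rt_sigaction", "rt_sigprocmask", "futex",
    "clone", "execve", "exit", "exit_group", "socket", "bind", "listen",
    "accept4", "connect", "sendto", "recvfrom", "epoll_create1",
    "epoll_ctl", "epoll_wait", "getpid", "nanosleep", "clock_gettime",
]

# Constructed set of syscalls that reach past the container boundary
# (mount namespaces, other processes, kernel modules, the host itself).
HOST_AFFECTING = {
    "mount", "umount2", "ptrace", "kexec_load", "init_module",
    "finit_module", "delete_module", "reboot", "swapon", "swapoff",
    "unshare", "keyctl", "add_key", "request_key",
}


def build_profile(allowed, archs=("SCMP_ARCH_X86_64",)):
    """Return a deny-by-default profile that permits only `allowed`."""
    return {
        "defaultAction": SCMP_ACT_ERRNO,
        "architectures": list(archs),
        "syscalls": [{"names": sorted(set(allowed)), "action": SCMP_ACT_ALLOW}],
    }


def action_for(profile, syscall):
    """Resolve the action taken for `syscall`: a rule naming it wins,
    otherwise defaultAction applies. Profiles built here carry one rule,
    so lookup is unambiguous; this does not model libseccomp's precedence
    when several rules name the same syscall."""
    for rule in profile["syscalls"]:
        if syscall in rule["names"]:
            return rule["action"]
    return profile["defaultAction"]


def audit_profile(profile):
    """Return review findings; an empty list means the profile passed."""
    findings = []
    if profile["defaultAction"] == SCMP_ACT_ALLOW:
        findings.append("defaultAction is ALLOW: profile is a denylist, not an allowlist")
    for rule in profile["syscalls"]:
        if rule["action"] != SCMP_ACT_ALLOW:
            continue
        hit = HOST_AFFECTING & set(rule["names"])
        if hit:
            findings.append("allowlist grants host-affecting syscalls: " + ", ".join(sorted(hit)))
    return findings


def to_json(profile):
    """Serialise in the form Docker reads from --security-opt seccomp=."""
    return json.dumps(profile, indent=2)


def load_profile(text):
    """Parse a profile and check the keys Docker requires are present."""
    profile = json.loads(text)
    for key in ("defaultAction", "architectures", "syscalls"):
        if key not in profile:
            raise ValueError("profile missing required key: " + key)
    return profile


if __name__ == "__main__":
    profile = build_profile(BASELINE_SYSCALLS)
    with open("profile.json", "w") as fh:
        fh.write(to_json(profile))
    for name in ("read", "mount"):
        print(name, "->", action_for(profile, name))
    print("findings:", audit_profile(profile) or "none")
```

Running the script writes `profile.json` next to it; the container is then started with that file via `--security-opt seccomp=profile.json`, and any syscall outside the allowlist returns an error instead of reaching the kernel, which is the “right level of access” the article describes.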

On balance, Fritsch concludes that many organizations would be better off considering a switch to containers, and not just because they’re fashionable.