Notes from Container World 2017 in Santa Clara, CA
We just got back from Container World 2017, where Banyan had an Expo table and joined in a panel session on container security. The event was well organized and featured excellent talks and exhibitors. We had the pleasure of meeting up with many old friends, and of meeting new prospective customers and partners who shared with us interesting problems and possibilities.
Container Security panel, moderated by Abhi Dugar of IDC
The container security panel session was moderated by Abhi Dugar of IDC, and the panelists represented three security vendors – Banyan Co-Founder/CTO Jayanth Gummaraju, Aqua Security VP of Marketing Rani Osnat, Black Duck Technology Evangelist Tim Mackey – and Ethan Tuttle, Lead Engineer at Zoosk and a deeply experienced and security-conscious user of Docker in production. Abhi did a great job in steering the panelists toward key concerns, and all the panelists eloquently brought out highly insightful points. The panelists stayed away from pitching products, and instead simply laid out their reasoning, experiences, and conclusions about the security implications of containers and microservices.
Here are some takeaways that I thought were most interesting. I don’t exactly remember who made each point – except for ones that Jayanth made – and so I’ll only put his name on those and leave the other points unassigned to any particular panelist so I don’t get it wrong.
One takeaway is that it’s too simplistic to claim that containers are “bad” for security, or “good” for security for that matter. The truth is more nuanced. Jayanth pointed out, that while it’s valid to think about this in terms of the historical shifts from physical machines to virtual machines to containers, another interesting and valid way to look at it is that we’ve moved from our past practice of deploying bare OS processes, which were relatively insecure, to now wrapping processes with a namespaced and resource controlled container boundary that improves security.
The panelists also pointed out that it’s much more feasible to characterize the expected behavior of a single-purpose microservice, and to verify that behavior at runtime, as compared to doing the same for a bulky monolith exhibiting far more complex behavior. Jayanth added that the other side of that coin is that breaking a monolith into numerous single-purpose microservices leads to a great deal more messaging and remote procedure calls over the network, vastly expanding the exposed attack surface of the application in terms of number of entry-exit points, APIs, and channels.
A third takeaway that Jayanth brought up is that containerized environments will need to be integrated with the rest of an Enterprise’s infrastructure, including non-containerized workloads and services, instead of being treated as an isolated island. The other panelists agreed and described the move to containerization as being not like a cliff but more of a ramp-up over time, and security needs to be deployed incrementally along with that incremental deployment of containers.
Other interesting topics that the panelists shed light on included the importance and cost of encrypting data-in-transit between containers, the security implications of container ephemerality, best practices in building containers and configuring them for security, the importance of secrets management for containers and how to do that in a secure manner, the urgency (or not) of multi-tenancy for containerized environments, and how that relates to the criticality of potential breaches of the container boundary. I’ve probably inadvertently left out a bunch of other interesting points that the panelists made.
A few pictures from the event, courtesy Informa
I attended a few other sessions that I’d like to highlight. Michael Ferranti of Portworx surveyed current support for stateful containers and persistent volumes in leading orchestration platforms. He efficiently packed a lot of clear and useful information into a short talk. Ethan Tuttle presented the work that Zoosk has done with Docker in production, including a lot of innovative systems they have built for secrets management at both build time and at runtime, PKI, logging, and other functionality that was missing when they took this journey as early adopters. I heard about other good sessions that I couldn’t attend, like a talk by Nathan McAuley of Docker on the topic of Orchestrating Least Privilege, and a panel session on stateful vs. stateless architectures. Over all, it was a great event and I’m glad that we were able to participate and contribute.