Resilient Container Security: How Container Security Benefits Cybersecurity and DevOps

Written by Christina DePinto, Product Marketing Manager, Tenable Cloud Security.

Securing containers across the entire software development life cycle is a huge win for cybersecurity teams and DevOps. Why? These two traditionally siloed entities can now congregate around a strategic approach to governance. Here’s a closer look at how each team can benefit.

As organizations ramp up their cloud adoption, so does their usage of containers. For cybersecurity teams, this means securing container infrastructure has become a critical task. That’s the focus of this blog series, “Resilient Container Security.”

In the first installment, we explained why container security needs to be founded upon a preventive strategy grounded in exposure management. We devoted the second post to detailing three concrete steps needed to build a robust container security strategy. In this third and final post, we’ll outline how cybersecurity and DevOps teams stand to benefit from a strong container security posture.

Two key benefits of container security for cybersecurity teams

Cybersecurity teams get two main benefits when they adopt a resilient container security strategy: significantly lower operational costs and the elimination of risky blind spots. Let’s look at each one in more detail.

Drastically reduce operational costs

The Systems Sciences Institute at IBM has reported that the cost to fix an error found after product release was four to five times as much as one uncovered during design, and up to 100 times more than one identified in the maintenance phase. In fact, costs to fix software bugs increase exponentially as they are discovered later in the software development life cycle (SDLC) as software moves from design through maintenance. The difference in remediation costs is due to the increased complexity of implementing changes in production, from identifying application owners to issuing counter-changes to offset functionality modifications. Remediating vulnerabilities before deployment is critical to lowering overall security administration and labor costs.

Eliminate blind spots and excessive cyber risk

You can’t secure what you can’t see, and poor visibility is a major challenge with containers. Container visibility is essential because of the widespread proliferation of known vulnerabilities in the Docker ecosystem and within open-source software used to build container images. Gain insight into vulnerabilities, malware and policy compliance for all container images used in production and get peace of mind with your security posture. Imagine seeing and preventing potential container risks before they’re deployed.

Two key benefits of container security for DevOps teams

Likewise, a resilient container security strategy also helps DevOps teams in a number of ways. It makes it easier for them to improve the quality of their code, speed up their release of secure software, and obtain custom-tailored visibility into images and repositories.

Generate higher-quality code

Integrating vulnerability and malware testing into CI/CD pipelines gives developers confidence their code has fewer defects. Developers can pinpoint security risks and fix vulnerabilities more easily with specific remediation advice. Using an IaC static code analyzer is a great first step to ensure only the most secure code goes into production.That way, developers can enforce security and compliance policies throughout the development lifecycle to minimize risk and stop risky deployments. There are many open source options to choose from, like Terrascan, one of the most popular static IaC analyzers in the market.

Release secure software faster

Find an IaC static code analyzer that works quickly, so security teams can govern secure development at the speed of DevOps without blocking or disrupting current workflows. Solutions with container-layer hierarchy intelligence capabilities increase code velocity even further by drastically reducing time-intensive false-positive results.

About the Author

Christina DePinto joined Tenable in 2022 and is a Product Marketing Manager for Tenable Cloud Security and Tenable's open-source project Terrascan. Prior to joining Tenable, Christina worked at Siemens Digital Industries Software on the industry marketing team focusing on electronics and semiconductor manufacturing.