Container Security Best Practices in Microservices
The best practices in this blog assume that you have selected a microservices deployment model that leverages containers.
For microservices and security to co-exist, a framework and plan for development, governance, and management of microservices must be developed. Here are some key points to keep in mind while developing your microservices security plan.
1. Servers Should be Stateless
Servers should be treated as interchangeable members of a group. The only concern should be scalability to support the workload. It is recommended to employ auto-scaling, self-healing and a fault tolerant infrastructure. Using servers for specialized functions should be avoided.
2. Image Security in Build and Runtime
Continuously updating OSs to mitigate new container vulnerabilities is critical to protect the security of the environment. Consistent policies should be applied based on the sensitivity of applications running on containers on the same host or across the fleet.
In the build process, DevSecOps incorporates security from inception, ensuring that security and quality issues are addressed in early stages. Additionally employing automation and remediation decreases the probability of security defects reaching production. In a Software Development Lifecycle pipeline, use a combination of these methods:
- Extend unit tests to ensure the application behaves as expected
- Validate the security of the supply chain and assess third-party components
- Make sure the systems are appropriately tested for misconfigurations
- Add dynamic and status testing to the pipeline
- Adapt and add OWASP Foundation checklists
3. Image Storage
Storing images in a central location helps with easy management. Using image registries allows for easy storage as images are created, cataloging for identification, and provides APIs for automation.
4. Third-party Image Security
Container image registries are centralized repositories used for sharing images. For public images, it is recommended to only download content from a trusted user, scan images before deployment, and to use curated official images containing certified content. It’s important to implement an audit process for the registry to ensure that older images and those with older dependencies are flagged and interdependencies captured.
Using self-signed certificates or registries over unencrypted HTTP connections leads to tampering of data transit. Additionally, image authenticity should be validated and signature verification should be performed before any image is downloaded.
5. Security of the CI/CD Pipeline
Isolation of CI/CD systems is paramount, as this system has complete access to the codebase and credentials in different stages of development. Depending on the complexity of the system, the repository of the system should be secured using an automated monitoring mechanism. Security testing of code is an integral part of the CI/CD pipeline. There should be a gatekeeper process in the pipeline that enables secure testing of code from one stage to another.
The CI/CD system should be containerized. This ensures that residual side effects from testing are not inherited by subsequent runs of the test cases.
It is critical to ensure that CI/CD pipelines are isolated from the rest of the network and that developers are not able to circumvent the pipeline partially or completely. At the same time, identity and access management of the build pipeline is a critical aspect to implement.
To learn more best practices for implementing a secure microservices architecture, check out this research publication from our Application Containers and Microservices Working Group.
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.