Cloud and containerization technologies offer high scalability, deployment orchestration, and portability. Because of this, they reduce the number of resources needed to manage application infrastructure.
This introduces new security concerns. The majority of containerized applications have a complex infrastructure made up of many detached parts that communicate with each other over a network. That’s why even a small cyberattack can cause significant damage, affecting multiple architecture layers at once.
Fortunately, there are innovative practices to secure your containerized infrastructure. At Iterasec, we offer a cloud security check service to independently review your cloud or containerization infrastructure.
Cloud security configuration
When talking about the misconfiguration problem, several factors are at play. That’s why our team provides comprehensive security checks of your cloud system against the most common security issues and misconfigurations:
- User management, authentication, authorization, access policies
- Component isolation, security groups, VPN settings, ingress/egress routing
- Object storage visibility, such as S3
- Security of serverless functions, such as Lambdas
- Hardening of instance metadata web services (which can be abused via SSRF vulnerabilities)
- Encryption of data-in-transit & data-at-rest
- Key management & secret management (use of vaults)
- Logging & monitoring
- DFIR readiness (digital forensics & incident response)
This is crucial to ensure the environment’s configuration isn’t a source of risk and that it doesn’t drift over time.
No matter what platform you use, it’s important to secure your cloud workloads. Our security check expertise covers platforms such as:
Container platform security
Every container platform has many components that can introduce security risks and vulnerabilities.
What we check
- Cluster setup: correctness of setup, testing access to kubectl, RBAC, network policies, etc.
- Security hygiene: updates, minimal OS, IAM roles, monitoring and audit logging, verifying deployed binaries, etc.
- Known attacks: disabling default tokens and dashboards, scanning images for known vulnerabilities, etc.
- Impact of microservice compromise: security policies, secret protection, sandboxing, authentication and encryption, etc.
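As an added illustration of the cluster-setup and known-attacks items above (example code written for this page, not Iterasec's own tooling), the following Python audit inspects a constructed Pod manifest for the default service-account token, host namespace sharing, privileged containers and images that are not pinned by digest; the pod name, image names and registry.example.com are placeholders:

```python
"""Audit a Kubernetes Pod manifest against a few items from the checklist above."""
import json

# Constructed sample manifest (not from any real cluster): a pod that fails several checks.
SAMPLE_POD = json.loads("""
{
  "apiVersion": "v1", "kind": "Pod",
  "metadata": {"name": "demo-api", "namespace": "default"},
  "spec": {
    "hostNetwork": true,
    "containers": [
      {"name": "api", "image": "registry.example.com/api:latest",
       "securityContext": {"privileged": true}},
      {"name": "sidecar", "image": "registry.example.com/sidecar@sha256:0123abcd",
       "securityContext": {"runAsNonRoot": true, "allowPrivilegeEscalation": false}}
    ]
  }
}
""")


def audit_pod(pod: dict) -> list[str]:
    """Return human-readable findings; an empty list means every check passed."""
    findings = []
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    # Default tokens: unless explicitly disabled, every pod gets a service-account token mounted.
    if spec.get("automountServiceAccountToken") is not False:
        findings.append(f"{name}: automountServiceAccountToken is not set to false")
    # Sandboxing: sharing host namespaces weakens isolation between the workload and the node.
    for ns in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(ns):
            findings.append(f"{name}: {ns} is enabled")
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})
        cname = f"{name}/{c.get('name')}"
        if sc.get("privileged"):
            findings.append(f"{cname}: runs privileged")
        if sc.get("runAsNonRoot") is not True:
            findings.append(f"{cname}: runAsNonRoot is not enforced")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{cname}: allowPrivilegeEscalation is not disabled")
        # Verifying deployed binaries: a mutable tag cannot be pinned, a digest can.
        if "@sha256:" not in c.get("image", ""):
            findings.append(f"{cname}: image is not pinned by digest")
    return findings


if __name__ == "__main__":
    for finding in audit_pod(SAMPLE_POD):
        print("FAIL", finding)
```

The same function can be run over every Pod returned by `kubectl get pods -A -o json` to turn the checklist into a repeatable drift check.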
The checklists we follow:
- CIS Benchmarks
- NIST Application Container Security Guide
- OWASP Container Security Verification Standard
However, it’s important to remember that security isn’t just a checkbox but a set of improvements made at multiple layers of the cloud infrastructure.