Ensuring a Secure Cloud Journey in a World of Containers
By Nikhil Taneja, Managing Director-India, SAARC & Middle East

As organizations transition to the cloud, many are adopting a micro services architecture to implement business applications as a collection of loosely coupled services, in order to enable isolation, scale, and continuous delivery for complex applications. However, you have to balance the complexity that comes with such a distributed architecture against the application security and scale requirements, as well as time-to-market constraints.

Many application architects choose application containers as the tool of choice to implement the micro services architecture. Among their many advantages, such as resource footprint, instantiation time, and better resource utilization, containers provide a lightweight run time and a consistent environment for the application—from development to testing to a production deployment.

That said, adopting containers doesn’t remove the traditional security and application availability concerns; application vulnerabilities can still be exploited. Recent ransomware attacks highlight the need to secure against DDoS and application attacks. Security AND availability should be top-of-mind concerns in the move to adopt containers.

Let Your Load Balancer Do the Heavy Lifting

For many years, application delivery controllers (ADCs), a.k.a. load balancers, have been integral to addressing service-level needs for applications, deployed on premise or in the cloud, to meet the availability requirements and many of the security requirements of those applications.

Layered security is a MUST: In addition to using built-in tools for container security, traditional approaches to security are still relevant. Many container-deployed services are composed using Application Programming Interfaces (APIs). Since these services are accessible over the web, they are open to malicious attacks.
As hackers probe network and application vulnerabilities to gain access to sensitive data, the prevention of unauthorized access needs to be multi-pronged as well:

• Preventing denial of service attacks
• Running routine vulnerability assessment scans on container applications
• Scanning application source code for vulnerabilities and fixing them
• Preventing malicious access by validating users before they can access a container application
• Preventing rogue application ports/applications from running
• Securing the data at rest and in motion

Since ADCs terminate user connections, scrubbing the data with a web application firewall (WAF) will help identify and prevent malicious attacks, while authenticating users against an identity management system will prevent unauthorized access to a container service.

Availability is not just a nice-to-have: A client interacting with a microservices-based application does not need to know about the instance that is serving it. This is precisely the isolation and decoupling that a load balancer provides, thus ensuring availability in case one of the instances becomes unavailable.

Allocating and managing it manually is not an option: Although there are many benefits to a container-based application, it is a challenge to quickly roll out, troubleshoot, and manage these micro services. Manually allocating resources for applications and re-configuring the load balancer to incorporate newly instantiated services is inefficient and error prone. It becomes problematic at scale, especially with services that have short lifetimes. Automating the deployment of services quickly becomes a necessity. Automation tools transform the traditional manual approach into simpler automated scripts and tasks that do not require deep familiarity or expertise.

If you don’t monitor, you won’t know: When deploying micro services that may affect many applications, proactive monitoring, analytics and troubleshooting become critical to catching problems before they become business disruptions.
Monitoring may include information about a micro service such as latency, security issues, service up time, and problems of access.

Businesses must support complex IT architectures for their application delivery in a secure manner. Configuring, deploying and maintaining cross-domain micro services can be error-prone, costly and time-consuming. Organizations should be concerned with ensuring security with a layered approach to security controls. To simplify configuration and management of these micro services, IT should adopt automation, visibility, analytics and orchestration best practices and tools that fit in with their agile and DevOps.