Post on 11-Jun-2020
DIMITRIS PIKOULAS, MANAGER, CLOUD AND SECURITY
CONTAINER SECURITY: SECURING YOUR CONTAINERIZED MICROSERVICES
DEVELOPMENT PROCESS
APPLICATION ARCHITECTURE
DEPLOYMENT & PACKAGING
APPLICATION INFRASTRUCTURE
Waterfall
Agile
Monolithic
N-Tier
Physical Servers
Virtual Servers
Datacentre
Hosted
Copyright 2019 Accenture. All rights reserved.
MICROSERVICES AND CONTAINERS ARE AN IMPORTANT PART OF NEW IT
past
future
Plan & Reqs
Design
Build
Test
User Story
Sprint 0
Daily Stand-Ups
Tests & Demos
1-2 week sprints
Product Release
x 8 weeks
Agile
Microservices as part of New IT
DevOps Microservices Containers Cloud
“Architecture in the New”
ARCHITECTURAL EVOLUTION
Point2Point Integration SOA Microservices
APP PORTABILITY IN MINUTES
OPEX AND CAPEX SAVINGS
SECURE APPS AT SCALE
DEPLOY AND SCALE IN MINUTES
THE BENEFITS OF CONTAINERIZED MICROSERVICES
AGILITY PORTABILITY COST SAVINGS SECURITY
CAPITAL AND OPERATIONAL EFFICIENCY DRIVEN ROI
WHY IS CONTAINERIZED MICROSERVICES SECURITY IMPORTANT?
CONTAINERS OFFER MANY SECURITY FEATURES BUT HAVE THEIR OWN SECURITY RISKS
TYPICAL SECURITY CONTROLS DO NOT NECESSARILY ADDRESS THESE RISKS
COMMON SECURITY THREATS AND RISKS
COMMON SECURITY CONTROLS
Kernel Exploits
Poisoned Images
Container Breakouts
Network Cross-Container Attacks
Host Cross-Container Attacks
Vulnerable Libraries Attack
Denial of Service Attack
Compromise Secrets
Vulnerable Application Exploits
CONTAINERIZED MICROSERVICES SECURITY THREATS
HOW TO TACKLE THESE NEW SECURITY THREATS?
LAYERED APPROACH
INCIDENT RESPONSE & FORENSICS
RUNTIME SECURITY
NETWORK SECURITY
IMAGE SECURITY
CONTAINER PLATFORM SECURITY
ENGINE SECURITY
OPERATING SYSTEM CONTAINER SECURITY
CONTAINERIZED MICROSERVICES SECURITY MODEL
HOW TO BUILD UP YOUR CONTAINER SECURITY
• PERFORM SECURITY MATURITY ASSESSMENT OF YOUR CONTAINERIZED MICROSERVICES LANDSCAPE
• IDENTIFY/PRIORITIZE CONTAINER RISKS AND THREATS
• CREATE A ROADMAP WITH MITIGATION ACTIONS ADDRESSING ALL THE LAYERS