Q&A: How do good containers go bad?

Tim Mackey, technology evangelist at Black Duck Software, talks security in containers

Recently Tim Mackey, technical evangelist for open source security company Black Duck Software, spoke at London’s DevSecCon about “When Good Containers Go Bad”. In the following lightly edited Q&A we pick his brains on the subject.

How are data centre threats evolving?

Data centre operators are facing dual challenges of infrastructure complexity and application velocity as they seek to adhere to global governance regulations such as GDPR. Today’s workloads are increasingly containerised, which means that new management and monitoring paradigms are required to remain compliant. One example of this complexity comes from requirements to patch applications. With bare metal and virtualised servers, we’ve evolved procedures where the operating system and application components within those servers are continuously updated as patches are released. Containerisation flips this paradigm where it’s considered poor practice to patch containerised applications. The preferred solution is to rebuild the container image from patched sources and then redeploy. This one change in procedure requires a reassessment of how applications are built, and importantly where trusted source files are located.

As AI and machine learning are gradually being used to improve data centre operations, is adversarial machine learning also becoming more prevalent?

There’s a lot of potential for bad actors to use AI and machine learning to mount attacks. Machine learning is great at evaluating large data sets and finding patterns. Open source projects are perfect data sets for ML to analyse and assess for potential attack vectors. As we see more AI employed in cybersecurity and data centre operations, it’s reasonable to expect that hackers will also implement this technology, whether that’s to launch phishing attacks or test scenarios that hackers can then use in a malware or DDoS attack.

What are the main ways containers can be compromised?
