The document discusses the barriers to container security and strategies for overcoming them, emphasizing the importance of security throughout the software development lifecycle (SDLC). It outlines key steps such as control through CI/CD gates, using trusted sources, ensuring hygiene, and monitoring deployments. Rising costs associated with fixing security issues are highlighted, along with the increasing trend of companies implementing security measures early in the development process.

1. 1
Barriers to Container Security
and How to Overcome Them
How to approach security when most of your
software comes from the community
Jeffrey Martin
Senior Director of Product at WhiteSource

2. 2
THE CONTAINER LIFECYCLE
Build RunShip

3. 3
THE CONTAINER IMAGES LAYERS

4. 4
LET’S START WITH THE OBVIOUS QUESTIONS
▪ Do you use a private registry?
▪ When using a public registry, are the images signed?
▪ Are you running the containers with a root user?

5. THE CHALLENGES OF OPEN SOURCE USAGE
Reported Vulnerabilities
Are Rising
Less Time To Fix

6. 6
SECURITY SHOULD BE A BIG CONSIDERATION

7. 7
WHAT CAN HELP YOU GAIN VISIBILITY?

8. 8
THE QUESTION IS, HOW SOON IN THE SDLC?
PLAN CODE BUILD MAINT.DEPLOY

9. 9
THE EARLIER, THE CHEAPER AND EASIER TO FIX
Coding
$80/Defect
Build
$240/Defect
QA & Security
$960/Defect
Production
$7,600/Defect
The cost of fixing security and quality issues is rising significantly, as the development cycle advances.

10. 10
66% of companies have already implemented application testing during or even pre-build stage.
In what stage of the SDLC do you spend most of your time implementing security
measures?
HOW ARE OTHER COMPANIES HANDLING IT?

11. 11
Barriers
Step 1: Control
Step 2: Sources
Step 3: Hygiene
Step 4: Deploying

12. 12
Step 1: Control = CI/CD Gates
Scan across the lifecycle:

13. 13
Barriers
Step 1: Control
Step 2: Sources
Step 3: Hygiene
Step 4: Deploying

14. 14
Step 2: Source = Knowing and Labeling Trusted
Sources
Use private registries and sign images from public registries

15. 15
Barriers
Step 1: Control
Step 2: Sources
Step 3: Hygiene
Step 4: Deploying

16. 16
Step 3: Hygiene = Don’t Use Defaults
Enable Role-Based Access Control (RBAC) in your container
orchestration

17. 17
Step 3: Hygiene = Don’t Use Defaults
Use Namespaces to establish
Security Boundaries

18. 18
Barriers
Step 1: Control
Step 2: Sources
Step 3: Hygiene
Step 4: Deploying

19. 19
Step 4: Deploying = Prevent and Monitor
Prevent deployment of images with
known vulnerabilities

20. 20
Step 4: Deploying = Prevent and Monitor
Validate image signatures

21. 21
Step 4: Manage Deployments
Monitor for new vulnerabilities
(Bad actors are!)

22. Thank You!
22