The curse of containers in cyber security
Nowadays everyone comments on the cybersecurity failures of large companies; the scourge of ransomware is here to stay. The reason is that those in charge still fail to raise awareness inside their companies, so attackers keep getting in through the weakest link in the chain: human beings and their curiosity.
But today I want to talk about our "friends" the containers. This technology is so widespread that it forces us to look at it from several angles: not only the functionality and speed of deployment it offers, but also the security flaws that may be hiding in the images.
Developers have adapted quickly to this life-saving technology: search for the features your project needs, download the image, start the container and get to work. Although they almost always rely on official sites, that is not always the case, and they rarely ask themselves whether there is any company or maintainer behind the image at all.
Even when downloading images from official sites, I have rarely seen anyone ask, "Do I need to update anything?" Many of the images found on Docker Hub have been up for a year or more, and the question is: are there really no security updates for these images?
I am not saying that the company maintaining the image download site is responsible for updating them; it is the developers' responsibility to update the image before starting to develop on it. In an ideal world, companies would have their own authorised repository with images ready and updated, and anyone who needs a new one would have to take it through a process of checking and hardening first. But that belongs to a mature DevOps life cycle.
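As an added example (not code from the original post), here is the kind of gate that can sit in front of such an authorised repository. It reads the JSON that `docker image inspect` prints, computes how long ago each image was built, and rejects images that exceed an age threshold, are not pinned to a registry content digest, or carry the mutable `latest` tag. The `MAX_AGE_DAYS` value, the image names and the embedded sample inspect output are all assumptions constructed for the example.

```python
"""Stale-image check for a container image review process.

Added example, not code from the original post. It reads the JSON that
`docker image inspect <image>` prints (fields Id, RepoTags, RepoDigests,
Created) and flags images that are older than a policy threshold, not
pinned to a content digest, or tagged with the mutable 'latest' tag.
"""
import json
import sys
from datetime import datetime, timezone

MAX_AGE_DAYS = 90  # assumption: put your own policy threshold here

# Constructed sample shaped like `docker image inspect` output, trimmed to the
# fields used below. The digests and dates are made up, not real registry data.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "sha256:" + "01" * 32,
        "RepoTags": ["example/app:1.0"],
        "RepoDigests": ["example/app@sha256:" + "aa" * 32],
        "Created": "2021-03-01T10:15:30.123456789Z",
    },
    {
        "Id": "sha256:" + "02" * 32,
        "RepoTags": ["example/base:latest"],
        "RepoDigests": [],
        "Created": "2022-09-20T08:00:00Z",
    },
])


def parse_created(ts: str) -> datetime:
    """Parse Docker's RFC 3339 timestamp. Docker writes up to nanoseconds,
    while datetime.fromisoformat accepts at most microseconds, so the
    fractional part is truncated to six digits before parsing."""
    base, _, frac = ts.rstrip("Z").partition(".")
    if frac:
        base = f"{base}.{frac[:6]}"
    return datetime.fromisoformat(base).replace(tzinfo=timezone.utc)


def audit_images(inspect_json: str, now_iso: str = None,
                 max_age_days: int = MAX_AGE_DAYS) -> list:
    """Return one finding per image: its name, age in days and a list of
    issues (empty when the image passes every check). `now_iso` lets a
    caller fix the reference time; by default the current UTC time is used."""
    now = parse_created(now_iso) if now_iso else datetime.now(timezone.utc)
    findings = []
    for img in json.loads(inspect_json):
        tags = img.get("RepoTags") or []
        name = tags[0] if tags else img["Id"][:19]
        age_days = (now - parse_created(img["Created"])).days
        issues = []
        if age_days > max_age_days:
            issues.append(f"built {age_days} days ago, limit is {max_age_days}")
        if not img.get("RepoDigests"):
            # No RepoDigests means the image never came from a registry pull
            # (built locally or loaded from a tarball), so there is no
            # registry digest to pin future pulls to.
            issues.append("not pinned to a content digest")
        if any(t.endswith(":latest") for t in tags):
            issues.append("uses the mutable 'latest' tag")
        findings.append({"image": name, "age_days": age_days, "issues": issues})
    return findings


def main() -> int:
    """Usage: docker image inspect IMAGE... | python check_images.py
    With no data on stdin the constructed sample is audited instead."""
    data = sys.stdin.read() if not sys.stdin.isatty() else ""
    findings = audit_images(data or SAMPLE_INSPECT)
    for f in findings:
        status = "OK" if not f["issues"] else "REJECT"
        print(f"{status:6} {f['image']} ({f['age_days']} days old)")
        for issue in f["issues"]:
            print(f"       - {issue}")
    # Non-zero exit when anything fails, so the check can gate a pipeline step.
    return 1 if any(f["issues"] for f in findings) else 0


if __name__ == "__main__":
    sys.exit(main())
```

The age check only tells you that nobody has rebuilt the image recently; it says nothing about what is inside it, so it belongs in front of a vulnerability scan of the image contents, not instead of one. The usual remediation for an image that fails is to rebuild it from a digest-pinned base with the distribution's package upgrade step in the Dockerfile, then push the result to the authorised repository.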
But developers are not the only ones to blame. Many companies sell products based on this technology and, just like developers, they distribute images with security flaws. They should be required to treat an image with known vulnerabilities as one that must not be sold or distributed, because of the risk it poses to whoever runs it.
All that remains is to recommend that containers be kept updated and looked after as systems in their own right, and that we never again hear "if it works, don't touch it". Don't forget that these systems are a point of failure just like any other.