Q&A: How do good containers go bad?


Recently Tim Mackey, technical evangelist for open source security company , spoke at about “”. In the following lightly edited Q&A we pick his brains on the subject.

How are data centre threats evolving?

Data centre operators are facing dual challenges of infrastructure complexity and application velocity as they seek to adhere to global governance regulations such as GDPR. Today’s workloads are increasingly containerised, which means that new management and monitoring paradigms are required to remain compliant. One example of this complexity comes from requirements to patch applications. With bare metal and virtualised servers, we’ve evolved procedures where the operating system and application components within those servers are continuously updated as patches are released. Containerisation flips this paradigm where it’s considered poor practice to patch containerised applications. The preferred solution is to rebuild the container image from patched sources and then redeploy. This one change in procedure requires a reassessment of how applications are built, and importantly where trusted source files are located.

As AI and machine learning is gradually being used to improve data centre operations, is adversarial machine learning also becoming more prevalent?

There’s a lot of potential for bad actors to use AI and machine learning to mount attacks. Machine learning is great at evaluating large data sets and finding patterns. Open source projects are perfect data sets for ML to analyse and assess for potential attack vectors. As we see more AI employed in cybersecurity and data centre operations, it’s reasonable to expect that hackers will also implement this technology, whether that’s to launch phishing attacks or test scenarios that hackers can then use in a malware or DDoS attack.

What are the main ways containers can be compromised?

This is fundamentally a question of trust. For example, most container images are created from some source or base image and then application specific components are added to form the containerised application. With no validation of the security state for a base image, hackers can place modified components in base images which are then widely distributed, putting an entire container ecosystem at risk. The size of the developer community embracing containers continues to grow, offering an expanding target community for hackers.