Container security is the practice of correlating a container's inherent security risks with the context of how that container is deployed and used. The risks can include vulnerabilities, dependencies, secrets, malware, IaC, licenses, and more. Adding context about how each container is deployed, its exposure to hackers, how it is used, and so on gives a complete picture of its true risk profile. This true risk profile is invaluable for making technical decisions such as prioritizing remediation, deciding whether to build a container (policy/compliance), whether to promote images, which Infrastructure as Code (IaC) files should be associated with certain images, and more.
There are also business decisions that are driven by information from these risk assessments, such as whether images can be exported, whether they run afoul of HIPAA and other legal constraints, license compliance, whether they are exposing Personally Identifiable Information (PII), and more. These decisions can have a high impact on business success, affecting company reputation, incurring outsized costs, and even resulting in civil and criminal penalties.
Analyzing security risks individually, or without context from IaC and deployment insight, is insufficient because these variables combine to amplify the true risk profile. In this case, the truism applies: the whole is greater than the sum of the parts. Additional context such as which cluster an image is deployed in (e.g. internal vs. customer-facing), which labels are associated with the image (e.g. HIPAA, NO EXPORT, etc.), license compliance, open ports in the cluster, and more, must all be considered, along with the inherent security risks, to build a true risk profile.
Container Security Asset Management (CSAM) describes a set of tools that enable users to correlate the inherent security risks with the context of how they are exposed in deployment. Basically, you can think of CSAM as enabling users to correlate any combination of variables to answer business questions and achieve specific actionable insights. Here are just a few examples of questions you might want to answer:
- License Compliance: Are we using a certain piece of software, which versions of it, and is it running on internal or external-facing clusters?
- Export Constraints: Which countries can we export this software to, based on export-control labels or a search for software that is banned for export?
- Breach Exposure: Are we deploying any pods in customer-facing applications that contain PII, and which PII, so that we understand and can reduce the blast radius of a breach?
- Prioritizing Remediation: By combining the various risk factors with deployment context, how do we prioritize containers to be remediated?
- …and many more
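As an added illustration (not part of the original text), the following Python sketch correlates constructed image scan results with constructed deployment context to rank remediation and to answer the license and breach-exposure questions above; the image names, clusters, packages, labels and scoring weights are all hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Image:                 # inherent risk found by scanning the image itself
    max_cvss: float          # highest CVSS score among its vulnerabilities
    packages: set            # constructed "name:version" strings
    secrets: int             # hard-coded credentials detected
    pii: set                 # PII fields the application handles

@dataclass
class Deployment:            # context from IaC and the running cluster
    image: str
    cluster: str
    exposure: str            # "internal" or "customer-facing"
    labels: set              # e.g. {"HIPAA", "NO EXPORT"}
    open_ports: set

# Constructed sample inventory: hypothetical images, clusters and packages.
IMAGES = {
    "billing": Image(9.8, {"openssl:1.1.1"}, 1, {"SSN", "card"}),
    "wiki": Image(9.8, {"openssl:1.1.1"}, 0, set()),
    "crypto": Image(5.3, {"libstrongcrypto:2.0"}, 0, set()),
}
DEPLOYMENTS = [
    Deployment("billing", "prod-eu", "customer-facing", {"HIPAA"}, {443}),
    Deployment("wiki", "corp", "internal", set(), set()),
    Deployment("crypto", "prod-us", "customer-facing", {"NO EXPORT"}, {8443}),
]

def risk_score(img: Image, dep: Deployment) -> float:
    """Inherent risk amplified by deployment context; the weights are illustrative."""
    score = img.max_cvss + 3.0 * img.secrets
    mult = 2.0 if dep.exposure == "customer-facing" else 1.0   # reachable from outside
    mult *= 1.5 if dep.open_ports else 1.0                       # listening port widens exposure
    mult *= 1.5 if img.pii or "HIPAA" in dep.labels else 1.0     # regulated data raises impact
    return round(score * mult, 1)

def prioritize() -> list:
    """Remediation order as (image, cluster, score), highest contextual risk first."""
    ranked = [(d.image, d.cluster, risk_score(IMAGES[d.image], d)) for d in DEPLOYMENTS]
    return sorted(ranked, key=lambda r: -r[2])

def deployments_where(pred) -> list:   # correlate any combination of image and context variables
    return [(d.image, d.cluster) for d in DEPLOYMENTS if pred(IMAGES[d.image], d)]

def package_on_external(pkg: str) -> list:     # license compliance question
    return deployments_where(lambda i, d: pkg in i.packages and d.exposure == "customer-facing")
def pii_blast_radius() -> dict:                # breach exposure question: which PII faces customers
    return {img: sorted(IMAGES[img].pii) for img, _ in
            deployments_where(lambda i, d: bool(i.pii) and d.exposure == "customer-facing")}
```

The export question is the same kind of query, for example `deployments_where(lambda i, d: "NO EXPORT" in d.labels)`; note that the two images sharing the same CVSS 9.8 finding end up far apart in the ranking purely because of their deployment context.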
Container Security Asset Management (CSAM) enables you to combine all of the risk factors with deployment context, not only to determine the true risk profile of specific containers but also to answer key business questions. This raises the value of container security tools from tactical tools used only by developers and security personnel to strategic business tools used by executives.