Google has added five container-focused security providers to its still fresh Cloud Security Command Center. The move bolsters that platform’s ability to secure containers running on Google’s Kubernetes Engine (GKE).
The command center provides a single pane of glass to view security alerts for clusters running in GKE. Users can view, organize, and index cluster assets across projects running in an organization. It also allows the linking of security findings to specific clusters, container images, and/or virtual machine (VM) instances.
Aqua Security, Capsule8, Stackrox, Sysdig Secure, and Twistlock have all jumped on board to integrate with the Google platform. This integration allows users to tap security tools from those vendors and view the results and recommendations in the Google platform.
Google’s security team noted in a blog post that the combined efforts would provide for “the best options for container runtime security” in Google’s Cloud Platform (GCP).
Analysts have noted that enterprises continue to struggle with proper security agents to handle container runtime and other aspects of container deployments.
Adrian Lane, CTO at Securosis, in a recent webinar laid out some basic container security pitfalls that seem almost too obvious to mention. These included reusing containers or container images that have already been run elsewhere and assuming they have already been cleaned of potential malware; using vulnerable third-party containers or images; or attempting to update a running container while it is in production.
Beyond those simple procedures, Lane also suggested that organizations should more aggressively segregate containers, limiting both who can create them and what a running container is allowed to access. He noted that only around 10 percent of organizations are currently doing this, and that he often sees pushback when segregation is suggested.
Google earlier this week targeted that last concern by open sourcing its gVisor sandboxed container runtime. The platform provides secure isolation for containers, while being more lightweight than a virtual machine (VM). It can also integrate with Docker and Kubernetes to allow for sandboxed containers in production environments.
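The two ideas above, segregating a workload's access rights and running it under a sandboxed runtime, come together in a Kubernetes manifest. The following is an added example written for this article, not code from Google, the gVisor project, or any of the vendors named here. It assumes a cluster whose nodes already have gVisor's runsc installed and registered with the container runtime under the handler name runsc (gVisor's documented runtime name); the namespace, pod, and image names are placeholders.

```yaml
# Added example: a RuntimeClass that maps to the gVisor (runsc) handler.
# Pods that reference it are executed inside the gVisor sandbox instead of
# directly on the host kernel, which is the isolation the article describes.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc          # assumption: runsc is registered with the node runtime
---
# Added example: a pod that opts into the sandbox and also gives up the
# privileges a running container does not need (Lane's "access rights for a
# running container" point). Names below are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: example-web        # placeholder name
  namespace: team-a        # placeholder namespace used to segregate workloads
spec:
  runtimeClassName: gvisor         # select the sandboxed runtime defined above
  automountServiceAccountToken: false   # no API credentials unless needed
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: web
      image: registry.example.com/team-a/web:1.0.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      resources:
        limits:
          cpu: "500m"
          memory: "256Mi"
```

A quick check that the sandbox is actually in use: `kubectl get pod example-web -o jsonpath='{.spec.runtimeClassName}'` should print `gvisor`, and if the node lacks the runsc handler the pod will fail to start rather than silently fall back to the host runtime. Who may create pods in the `team-a` namespace is then governed separately with RBAC, which is the other half of the segregation Lane recommends.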
Google’s broader command center platform was announced in mid-March as a central location on GCP to monitor security data across an organization. It provides visibility into GCP services and lets enterprises monitor GCP cloud assets, scan storage systems for sensitive data, detect vulnerabilities, and review access rights from a single dashboard.
When launched, the command center included interoperability with security partners such as Cloudflare, CrowdStrike, Dome9, Palo Alto Networks, Qualys, and RedLock.
Lane concurred, noting that organizations can benefit from using embedded security that comes from established cloud platforms.
“Cloud providers remove a lot of the responsibility from your shoulders and onto the cloud provider,” Lane said, adding that this as-a-service model is “a good advantage.”