AWS Strengthens Container Security in the Cloud

Amazon Web Services (AWS) has extended the reach of the Amazon GuardDuty security monitoring service to include threat detection for the runtime environments in which containers are deployed.

In addition, AWS Nitro Enclaves now supports Amazon Elastic Kubernetes Service (EKS) and Kubernetes. AWS Nitro Enclaves enables IT teams to create isolated computing environments on the Amazon Elastic Compute Cloud (EC2) platform. That capability can now be invoked without writing custom code: an open source tool called the Nitro Enclaves Kubernetes Device Plug-In enables Kubernetes pods to manage the life cycle of an AWS Nitro Enclave.

Finally, AWS is previewing Amazon Security Lake, which automatically centralizes security data collected from the cloud, on-premises IT environments and custom sources in a single repository using the Open Cybersecurity Schema Framework (OCSF) standard. It employs threat intelligence feeds and machine learning algorithms to identify unexpected, potentially unauthorized and malicious activity within an AWS environment.

These latest offerings are part of an ongoing effort to bolster cloud security at a time when many organizations continue to struggle with defining best practices, notes Mike Rothman, general manager for Techstrong Research, an arm of Techstrong Group, the parent company and publisher of Container Journal.

As more workloads are deployed in the cloud, it’s become apparent there is a need for some type of centralized function within an IT organization to ensure cloud security, Rothman says.

The challenge is that in the age of the cloud, many organizations have allowed developers with limited cybersecurity expertise to provision cloud infrastructure. Inevitably, that leads to misconfigurations that are easily exploitable by cybercriminals. A cloud-native environment is more dynamic, so the odds of mistakes being made only increase, notes Rothman. “It’s a lot more complex,” he adds.

It will be up to each IT organization to determine how heavily to rely on security tools from a cloud service provider rather than a third-party vendor specializing in cybersecurity. There is no shortage of such vendors specializing in container security that have already added support for container runtime environments; others have extended security platforms that support legacy IT environments to add support for both containers and their runtime platforms.

Regardless of approach, the number of cloud-native applications based on containers that are being deployed in production environments continues to climb. In fact, that growth is expected to drive the size of the global container security market from $1.3 billion in 2021 to $3.6 billion by 2026 for a compound annual growth rate of 22%, according to the research firm MarketsandMarkets.

In the meantime, cybercriminals are getting more adept at targeting containers and the platforms they run on. Most of those threats involve cryptojacking attacks that steal compute cycles from cloud service providers’ customers. However, once cybercriminals discover how to breach a container application environment, more lethal attacks using the same attack vectors will soon follow. The challenge is finding a way to thwart those attacks before cybercriminals ever get the chance to discover and exploit any other vulnerability.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
