Challenges & Best Practices in Securing Application Containers and Microservices

By Anil Karmel, Co-Chair, CSA Application Containers and Microservices (ACM) Working Group

Application Containers have a long and storied history, dating back to the early 1960s with virtualization on mainframes up to the 2000s with the release of Solaris and Linux Containers (LXC). The rise of Docker in the early 2010s elevated the significance of Application Containerization as an efficient and reliable means to develop and deploy applications. Coupled with the rise of Microservices as an architectural pattern to decompose applications into fundamental building blocks, these two approaches have become the de facto means for how modern applications are delivered.

As with any new standard, challenges arise in how to secure application containers and microservices. The National Institute of Standards and Technology’s (NIST) Cloud Security Working Group launched a group focused on developing initial guidance around this practice area. The Cloud Security Alliance partnered with NIST on development of this guidance and focused on maturing the same culminating in the release of two foundational artifacts:

CSA’s Application Container and Microservices Working Group continues the charge laid by NIST to develop additional guidance around best practices in securing Microservices.

We want to invite interested parties to contribute content towards this end.  Please visit https://cloudsecurityalliance.org/research/join-working-group/ to join this working group.