
Meeting California's Container Security Challenge

As state agencies move away from legacy on-premises infrastructure, containerization will become a growing concern for cloud security professionals

Containerization and microservices are the standard operating model for today's networks. As DevSecOps and cloud teams look for greater flexibility and speed, they are increasingly breaking monolithic applications into smaller, single-purpose services to get the job done.

Recognizing the importance of DevSecOps, California’s Department of Technology (CDT) is building an agile framework and developer sandbox to support the service delivery platforms used widely in the commercial sector.

Yet there's a catch: containers are great for developers, but a nightmare for security teams. As workloads move from on-premises hardware to virtual machines to containers, each layer of abstraction makes the task of protecting the network more complex.

There are many aspects to the container security challenge, including volume (maintaining situational awareness over thousands of containers), the ephemeral nature of containers (most containers live for less than a day, so the evidence a security team needs may be gone before anyone looks for it), and hybrid environments (tracing containers across different clouds with differing toolsets).

Why current solutions aren’t enough

As California’s state agencies rapidly move to a DevSecOps model, they’ll have to figure out how to deal with container security.

It's abundantly clear that most security monitoring solutions aren't up to the task. Most of them were built for an on-premises world that no longer exists, one where security teams could force traffic through a few key choke points and inspect it there. These solutions also take a long time to gather, organize, and analyze data from increasingly complex networks.

There are open source tools which produce many of the logs, metrics, and enriched data security teams need for a containerized network. While these tools are widely used, many of them are single-purpose, small-scale programs. To be truly useful, an enterprise-level solution should seamlessly draw from all of these valuable data sources and put them into context. Rather than imposing a wholesale replacement, the solution should build on the useful data collectors already in place.

How to secure containerized environments

Security monitoring in a containerized world means constant vigilance over a series of distributed, ephemeral, mobile operating units. Rather than forcing operations into the constraints of a rigid security architecture, the modern containerized environment requires that security architectures change to meet constantly changing business needs. That means a security system that is as flexible as the environment it controls.

Security in a containerized environment also has to be lightning fast. When containers are spun up and torn down within a matter of hours, any security vulnerability has to be identified, analyzed, and mitigated in very short order. That requires a solution which constantly gathers and processes data across environments and traces the complete container lifecycle, from the moment a container starts to the moment it is destroyed.

Given the volume and complexity of data generated by containers, security needs to become a cross-functional discipline. Only by placing the information generated by containers in a meaningful context can security teams quickly diagnose and mitigate threats. That means joining container-level alerts with logs from the surrounding orchestrator, host, and network infrastructure to provide a complete picture of the threat landscape.
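The two points above, tracing the container lifecycle and putting alerts into context, come down to one engineering decision: record a container's metadata (image, pod, namespace, node) at start time, so that an alert that arrives after the container has been torn down can still be attributed. The following is an added example written for this article and is not Sumo Logic's code or any product's data schema; the log lines are constructed, and the field names (ts, event, cid, image, pod, namespace, node, rule, detail) are assumptions for the illustration.

```python
"""Enrich runtime alerts with lifecycle context for short-lived containers.

Added example (not vendor code).  A lifecycle index captures container
metadata at start time, so alerts keyed only by container id can be
attributed even after the container and its pod no longer exist.
"""
import json
from collections import Counter
from datetime import datetime


def _ts(s):
    """Parse the constructed ISO-8601 UTC timestamps used in the sample lines."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


# Constructed lifecycle events, as a node-level collector might ship them.
# Field names are assumptions for this example, not any product's schema.
LIFECYCLE_LINES = [
    '{"ts":"2020-03-02T09:00:00Z","event":"start","cid":"c1a2b3","image":"registry.example/payments:1.4.2","pod":"payments-7f9c","namespace":"prod","node":"node-a"}',
    '{"ts":"2020-03-02T09:00:05Z","event":"start","cid":"d4e5f6","image":"registry.example/batch-job:0.9.0","pod":"nightly-batch-x1","namespace":"jobs","node":"node-b"}',
    '{"ts":"2020-03-02T09:45:00Z","event":"stop","cid":"d4e5f6"}',
    '{"ts":"2020-03-02T10:30:00Z","event":"stop","cid":"c1a2b3"}',
    '{"ts":"2020-03-02T10:31:00Z","event":"start","cid":"a7b8c9","image":"registry.example/payments:1.4.2","pod":"payments-2k8d","namespace":"prod","node":"node-c"}',
]

# Constructed runtime alerts.  A runtime sensor typically reports only the
# container id; the second alert is delivered after its container stopped.
ALERT_LINES = [
    '{"ts":"2020-03-02T09:10:00Z","cid":"c1a2b3","rule":"shell_in_container","detail":"/bin/sh spawned by java"}',
    '{"ts":"2020-03-02T09:50:00Z","cid":"d4e5f6","rule":"outbound_to_unlisted_host","detail":"203.0.113.9:443"}',
    '{"ts":"2020-03-02T10:40:00Z","cid":"a7b8c9","rule":"shell_in_container","detail":"/bin/sh spawned by java"}',
    '{"ts":"2020-03-02T10:41:00Z","cid":"ffffff","rule":"privilege_escalation","detail":"setuid binary executed"}',
]


def build_lifecycle_index(lines):
    """Record each container's metadata at start and its stop time later.

    Keyed by container id so an alert can be enriched even after the
    container has been removed from the cluster.
    """
    index = {}
    for line in lines:
        ev = json.loads(line)
        cid = ev["cid"]
        if ev["event"] == "start":
            index[cid] = {
                "image": ev["image"], "pod": ev["pod"],
                "namespace": ev["namespace"], "node": ev["node"],
                "started": _ts(ev["ts"]), "stopped": None,
            }
        elif ev["event"] == "stop" and cid in index:
            index[cid]["stopped"] = _ts(ev["ts"])
    return index


def enrich_alert(line, index):
    """Attach image/pod/namespace/node context to a raw alert.

    'context' is None when the container id was never seen by the
    collector; that gap is itself a finding (a blind spot in coverage).
    'running_at_alert' tells the analyst whether the container was still
    live when the alert fired, or whether the evidence is already gone.
    """
    alert = json.loads(line)
    at = _ts(alert["ts"])
    enriched = {"ts": alert["ts"], "cid": alert["cid"], "rule": alert["rule"],
                "detail": alert["detail"], "context": None, "running_at_alert": None}
    meta = index.get(alert["cid"])
    if meta is not None:
        enriched["context"] = {k: meta[k] for k in ("image", "pod", "namespace", "node")}
        ended = meta["stopped"]
        enriched["running_at_alert"] = meta["started"] <= at and (ended is None or at <= ended)
    return enriched


def correlate(lifecycle_lines, alert_lines):
    """Build the index once, then enrich every alert against it."""
    index = build_lifecycle_index(lifecycle_lines)
    return [enrich_alert(a, index) for a in alert_lines]


def alerts_by_image(enriched):
    """Roll up alerts by (image, rule).  Container ids are unique per instance
    and useless for trending across thousands of short-lived containers; the
    image is the stable unit to count against."""
    return Counter((e["context"]["image"], e["rule"]) for e in enriched if e["context"])


def unknown_containers(enriched):
    """Container ids that produced alerts but never appeared in lifecycle data."""
    return sorted({e["cid"] for e in enriched if e["context"] is None})


if __name__ == "__main__":
    results = correlate(LIFECYCLE_LINES, ALERT_LINES)
    for e in results:
        print(json.dumps(e))
    print(dict(alerts_by_image(results)))
    print("no lifecycle record for:", unknown_containers(results))
```

Run as-is and the second alert is attributed to the nightly-batch pod even though that container stopped five minutes earlier; a lookup against the live cluster would have returned nothing. The final alert's unattributed container id shows the other failure mode: a node or namespace whose lifecycle events are not being collected.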

Building a solution

Early on, Sumo Logic recognized the security and operational challenges inherent in a containerized world. Containers and microservices can be a daunting challenge for security teams dealing with a distributed, ephemeral, and mobile network environment.

Responding to this challenge wasn’t – and isn’t – exactly a matter of snapping fingers and saying “abracadabra.” Even with a strong head start in compiling and analyzing data directly from cloud sources, Sumo Logic had to rethink its entire approach to match the distinct challenges and requirements of containerization. It meant adapting architectures and creating new methods to crunch the data, while drawing on the open source tools many security teams already rely on.

Sumo Logic didn't approach this problem on its own. Rather than trying to reinvent the wheel, Sumo Logic decided to draw on the existing ecosystem of open source container security solutions, many of which accomplish specific tasks in an elegant, in-depth way. By integrating its approach to container security with these third-party tools, Sumo Logic was able to draw on the best-of-breed solutions which many security teams already rely on.

Using Kubernetes packaging tools like Helm charts, Sumo Logic makes the collection of logs, events, and metrics much easier to configure and avoids the need for proprietary collection methods across containerized environments. The end result? Security teams discover and resolve issues faster and more efficiently, without waiting months to configure and deploy a new system.

The future of California’s networks is containerized

As state agencies move away from on-premises infrastructure and into more fluid, flexible, mobile cloud environments, containerization will be an increasing concern for security operations teams. Given the shortcomings of existing security monitoring solutions in containerized environments, it will be important for agencies to adopt new approaches and tools which account for the reality of today's decentralized networks.

Containers are already the heart and soul of DevSecOps in the commercial world. Public-sector security teams will have to adapt quickly to this changing reality. Enabling innovation requires a new toolset they can trust. To get this process started, agencies can begin building out the back-end systems required to support the coming shift in operational models.

For more information contact:

Mark Sanders, Enterprise Account Executive

Sumo Logic Inc.

Email: msanders@sumologic.com

M: 916.247.0304

The Sumo Logic platform helps you make data-driven decisions and reduce the time to investigate security and operational issues so you can free up resources for more important activities.