National Institute of Standards and Technology releases Application Container Security Guide

October 2, 2017

For those interested in practical privacy and compliance with data security standards, the various guides published by the National Institute of Standards and Technology (the “NIST”) are particularly useful. The Australian Privacy Principles are written in general terms and the Commissioner’s guidelines are quite anodyne. The NIST guidelines are best practice.

The latest publication by the NIST, Application Container Security Guide, deals with an increasingly important part of computer security. It is quite a lengthy document, and technical. Its purpose is to set out and explain the security concerns associated with application container technologies and to make practical recommendations for addressing those concerns when planning for, implementing, and maintaining containers.

The recommendations are:

  • Tailor the organization’s operational culture and technical processes to support the new way of developing, running, and supporting applications made possible by containers.
  • Use container-specific host OSs instead of general-purpose ones to reduce attack surfaces.
  • Only group containers with the same purpose, sensitivity, and threat posture on a single host OS kernel to allow for additional defense in depth.
  • Adopt container-specific vulnerability management tools and processes for images to prevent compromises.
  • Consider using hardware-based countermeasures to provide a basis for trusted computing.
  • Use container-aware runtime defense tools.
