As cloud infrastructures become widely adopted across many organizations, some are also moving their software projects to the cloud — specifically containerized environments. While this move brings agility and scale with it, a false assumption can also arise: “My applications are inside containers, so they are secure.” In reality, however, it’s often the opposite.
Putting applications into containers does not make them secure. For example, legacy applications may include previously unknown vulnerabilities. Container images may carry vulnerabilities that date back several years and may rely on older frameworks with known vulnerabilities. Containerized applications can run with excessive permissions, and the cloud itself can be misconfigured and leak data.
In all cases, applications and images do not gain security benefits simply from being containerized. Vulnerabilities will still exist; you just may not know about them. Furthermore, managing security in the cloud follows the same basic rules as managing it in on-premises environments.