Last updated Friday, August 25, 2023 17:22:14 GMT

With increasingly complicated network infrastructure and organizations needing to deploy applications across various environments, cloud containers are necessary for companies to remain agile and innovative. Containers are packages of software that hold all of the necessary components for an app to run in any environment. One of the biggest benefits of cloud containers? They virtualize the operating system, allowing users to access them from a private data center, a public cloud, or even a laptop.

According to recent research by Faction, 92% of organizations have a multi-cloud strategy in place or are in the process of adopting one. Beyond the ubiquity of cloud computing, there are a variety of cloud container providers, including Google Cloud Platform (GCP), Amazon Web Services (AWS), and Microsoft Azure. Nearly 80% of containers on the cloud, however, run on AWS, which is known for its security, reliability, and scalability.

When it comes to cloud container security, AWS operates under a shared responsibility model. This means that security and compliance are shared between AWS and the client. AWS protects the infrastructure running the services offered in the cloud: the hardware, software, networking, and facilities.

Unfortunately, many AWS users stop there. They believe that the security provided by AWS is sufficient to protect their cloud containers. While it is true that the level of customer responsibility for security differs depending on the AWS product, each product does require the customer to assume some level of security responsibility.

To avoid this mistake, let's examine why your AWS cloud containers need additional client-side security and how Rapid7 can help.

The main reasons your AWS containers need client-side security

Visibility and monitoring

Some of the same qualities that make containers ideal for agility and innovation also create difficulty in visibility and monitoring. Cloud containers are ephemeral, meaning they are easily spun up and torn down. This is convenient for quickly moving workloads and applications, but it also makes changes hard to track. Many AWS containers share memory and CPU resources with a variety of hosts (physical and cloud) in your ecosystem. As a result, monitoring resource consumption and assessing container performance and application health can be difficult: after all, how can you know how much memory is being used by the container versus the physical host?

Traditional monitoring tools and solutions also fail to collect the necessary metrics or provide the crucial insights needed for monitoring and troubleshooting container health and performance. While AWS protects the cloud container infrastructure, visualizing and monitoring what happens within the container is your organization's responsibility.

Alert contextualization and remediation

As your company grows and your cloud infrastructure expands, your DevOps team will keep creating containers. For example, Google runs everything in containers and launches an epic number of containers (billions per week!) to keep up with developer and customer demand. While you might not be launching quite as many containers, it's still easy to lose track of them all. Organizations use alerts to keep track of container performance and health so they can resolve problems quickly. While alerting policies differ, most companies use metric- or log-based alerting.

It can be overwhelming to manage and remediate all of your organization's container alerts. Not only do these alerts need to be routed to the proper developer or resource owner, but they also need to be remediated quickly to ensure the security and continued good performance of the container.

Cybersecurity standards

While AWS provides security for the foundational services behind your containerized applications (compute, storage, databases, and networking), it's your responsibility to develop sufficient security controls to protect your data, applications, operating systems, and firewalls. In the same way that your organization follows external cybersecurity standards for security and compliance across the rest of your digital ecosystem, it's best to align your client-side AWS container security with a well-known industry framework.

Adopting a standardized cybersecurity framework works in concert with AWS's security measures by providing guidelines and best practices, preventing a haphazard application of security that leaves coverage gaps.

How Rapid7 helps improve AWS container security

Now that you know why your organization needs client-side security, here’s how Rapid7 can help.

  • Visibility and monitoring: Rapid7's InsightCloudSec continuously scans your cloud infrastructure, orchestration platforms, and workloads to provide real-time assessments of health, performance, and risk. With the ability to scan containers within 60 seconds, your team can quickly and accurately track changes in your containers and view the data in a single, convenient platform that is well suited to cross-team collaboration and rapid remediation.
  • Alert contextualization and remediation: Client-side security measures are key to processing and remediating system alerts in your AWS containers, but this cannot be done by hand. Automation is key to alert contextualization and remediation. InsightCloudSec integrates with AWS services like Amazon GuardDuty to analyze logs for malicious activity. The tool also integrates with your larger enterprise security systems to automate the remediation of critical risks in real time, often within 60 seconds.
  • Cybersecurity standards: While aligning your cloud containers with an industry-standard cybersecurity framework is a necessity, it is often a struggle. Maintaining security and compliance requirements requires specialized knowledge and expertise, and with record staffing shortages this work is often set aside. InsightCloudSec automates cloud compliance for well-known industry standards like the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (CSF), using out-of-the-box policies that map back to specific NIST directives.

Protect your containers (and what's inside them)

AWS's shared responsibility model of security helps relieve operational burdens for organizations running cloud containers. AWS clients don't have to worry about the infrastructure security of their cloud containers. What is inside the cloud container, however, is the owner's responsibility and requires additional security considerations.

Client-side security is necessary for proper monitoring and visibility, for reducing alert fatigue and troubleshooting in real time, and for applying an external cybersecurity framework. The right tools, such as Rapid7's InsightCloudSec, can provide critical support in these areas and beyond, filling crucial expertise and staffing gaps on your team and empowering your organization to confidently (and securely) use cloud containers.

Want to learn more about AWS container security? Download Strengthening Your Containerized Applications with Rapid7 on AWS.