Container Security in Microsoft Azure
Container technology is causing a structural change in the cloud-computing world. Containers make it possible to run multiple instances of an application on a single instance of an operating system, thereby using resources more efficiently. Containers give organizations consistency and flexibility. They enable continuous deployment because the application can be developed on a desktop, tested in a virtual machine, and then deployed for production in the cloud. Containers provide agility, streamlined operations, scalability, and reduced costs due to resource optimization.
Because container technology is relatively new, many IT professionals have security concerns about the lack of visibility and usage in a production environment. Development teams are often unaware of security best practices. This white paper can help security operations teams and developers in selecting approaches to secure container development and deployments on the Microsoft Azure platform.
This paper describes containers, container deployment and management, and native platform services. It also describes runtime security issues that arise with the use of containers on the Azure platform. In figures and examples, this paper focuses on Docker as the container model and Kubernetes as the container orchestrator. Most of the security recommendations also apply to other container models from Microsoft partners on the Azure platform.