As part of an update to its Ubuntu operating system, Canonical has added Grafana Loki, Apache Kafka and Apache Cassandra container images to the portfolio of images to which it provides long-term support. Those images, along with one encapsulating Canonical Ubuntu 22.04 LTS edition of Linux, can be accessed via DockerHub.
The latest edition of Ubuntu also adds support for cloud confidential computing on the Microsoft Azure cloud, a real-time kernel for industrial applications, the Rust programming language, OpenSSL v3 cryptographic algorithms, and virtualization software on graphical processor units (GPUs) from NVIDIA.
Canonical CEO Mark Shuttleworth said this latest edition of Ubuntu will cement the company’s dominance of cloud computing environments where the company claims its distribution runs on more than 100 billion instances of virtual machines a year.
Previously, Canonical via an alliance with Docker Inc. has committed to publishing a curated set of secure container application images on Docker Hub that it will support for 10 years. As part of that commitment, Canonical will fix within 24 hours any critical security issues that impact any of the containers that are part of its Long Term Support (LTS) Docker Image Portfolio. Images already supported by Canonical include MySQL and PostgreSQL databases and NGINX proxy software.
The overarching goal is to provide organizations with a set of container images that have been vetted. In the wake of a series of high-profile security breaches, there is now a lot more focus on securing software supply chains. Most of the instances involving malicious containers thus far have involved cryptojacking efforts to mine digital currencies on cloud platforms. However, an innocuous-looking container on a public registry could be hiding a more lethal payload. Some containers might not even contain a malicious payload until after they are downloaded. Instead, an external call to download a piece of malware is made after installation. Canonical and Docker Inc. are trying to ensure there are large numbers of verified container images available that IT organizations can employ knowing that the software included with the container is secure.
None of these security concerns appear to be slowing the rate at which container applications are being built and deployed. However, as the number of containers deployed in production environments continues to steadily increase, they increasingly are being used to build and deploy mission-critical applications that have sensitive data.
It’s not clear to what degree containers may be compromised, but it’s a lot easier to rip and replace a container than it is to patch a monolithic application. As such, container applications, in general, should be more secure. However, IT teams still need to be concerned about vulnerabilities that are discovered after a container is deployed, many of which are now running for longer amounts of time as more stateful applications are deployed.
Given the prevalence of containers, there’s no doubt cybercriminals are now aggressively researching ways to compromise them. The challenge going forward is to find ways to continuously secure those containers before and after they are deployed in production environments.