6 min read · Lesson 5 of 10

Workload and Container Security

Hardening VMs, containers, and serverless. Patching, image scanning, runtime protection, and the practical bar for production.

Once an attacker has any way in — a leaked credential, an open port, a vulnerable library — what runs on your workloads decides how bad it gets. Workload security is the inner perimeter.

Virtual Machines

Patching

Two viable strategies:

  • Patch in place — Systems Manager Patch Manager, Azure Update Manager, OS Config + VM Manager. Schedules and reports compliance. Simple, but state drifts over time.
  • Immutable infrastructure — bake a fresh AMI / image weekly with all patches; replace instances rather than patching. Auto Scaling Groups, VM Scale Sets, Managed Instance Groups make this practical. Preferred for cloud-native teams.

Either way: track CVEs, define an SLA (e.g. critical CVEs patched within 7 days), and report compliance.

Hardening

  • Use minimal base images (Amazon Linux, Azure Linux, COS, Ubuntu Pro, Bottlerocket).
  • Apply CIS benchmarks where regulation requires; otherwise pick the controls that matter.
  • SSH only via Session Manager / Bastion / IAP — no inbound port 22.
  • OS-level firewall on by default (ufw, firewalld) as a second line behind SGs.
  • Endpoint protection / EDR (CrowdStrike, SentinelOne, Defender for Endpoint) on regulated workloads.

Vulnerability Scanning

AWS Inspector, Azure Defender for Servers, and GCP Security Command Center automatically scan VMs for OS and library CVEs. Plug in third-party scanners (Wiz, Tenable, Rapid7) for cross-cloud coverage and richer reporting.

Containers

Containers add new layers but the principles are the same: small, patched, well-configured, monitored.

Image Hygiene

  • Start from minimal images: Distroless, Alpine, Chainguard, Wolfi, Bottlerocket.
  • Pin base image by digest (FROM image@sha256:...) — tags move.
  • Multi-stage builds — final image holds only the binary, not build tools.
  • Run as non-root: USER 1000.
  • Read-only root filesystem; use tmpfs for ephemeral writes.
  • No secrets in layers — pull at runtime from Secrets Manager / Key Vault / Secret Manager.
  • Sign images with Cosign / Notary v2; verify in admission control.
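
An added example, not code from the lesson: a small Python lint that applies three of the rules above (digest-pinned external bases, no secret-looking ENV/ARG names baked into layers, a non-root final stage) to a constructed multi-stage Dockerfile. The Dockerfile content, image names and the secret-name pattern are assumptions made for illustration.

```python
import re

# Constructed sample Dockerfile (not from the lesson); it deliberately breaks several rules.
SAMPLE_DOCKERFILE = """\
FROM golang:1.22 AS build
COPY . /src
RUN cd /src && CGO_ENABLED=0 go build -o /out/app .
FROM gcr.io/distroless/static:latest
ENV DB_PASSWORD=hunter2
COPY --from=build /out/app /app
ENTRYPOINT ["/app"]
"""
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
SECRET_RE = re.compile(r"PASSWORD|SECRET|TOKEN|API_KEY|PRIVATE_KEY", re.I)


def instructions(text):
    """Yield (INSTRUCTION, args); joins backslash continuations, skips comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        instr, _, args = (buf + line).partition(" ")
        yield instr.upper(), args.strip()
        buf = ""


def lint_dockerfile(text):
    """Findings for unpinned external bases, secrets in ENV/ARG, and a root final stage."""
    findings, stages, user = [], set(), None
    for instr, args in instructions(text):
        if instr == "FROM":
            parts = args.split()
            if len(parts) == 3 and parts[1].upper() == "AS":
                stages.add(parts[2])
            # 'FROM <stage>' reuses an earlier stage; anything else must carry a digest.
            if parts[0] not in stages and not DIGEST_RE.search(parts[0]):
                findings.append(f"FROM {parts[0]}: base image not pinned by digest")
            user = None  # every stage starts as root again
        elif instr == "USER":
            user = args
        elif instr in ("ENV", "ARG"):
            for name in (tok.split("=", 1)[0] for tok in args.split()):
                if SECRET_RE.search(name):
                    findings.append(f"{instr} {name}: secret baked into a layer")
    if user is None or user.split(":")[0] in ("root", "0"):
        findings.append("final stage runs as root: add USER with a non-zero UID")
    return findings
```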

Image Scanning Stages

  1. In CI — Trivy, Grype, Snyk, Docker Scout. Fail PR on critical CVEs.
  2. In the registry — ECR / ACR / Artifact Registry / Quay scan continuously. New CVEs against existing images surface here.
  3. At admission — Kubernetes admission controller (Kyverno, Gatekeeper, Defender for Containers, Sysdig Admission). Block deploys that violate policy: latest tag, no signature, root user, known critical CVE.
  4. At runtime — eBPF-based detection (Falco, Tetragon) catches behaviour scanners cannot — unexpected child processes, network anomalies, file access.
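
An added Python example (not the lesson's or any vendor's code) of the stage-1 CI gate: it reads a Trivy JSON report and fails the build on fixable findings at or above the chosen severity, while CVEs that have no fix yet are reported but do not block. The report below is constructed and cut down to the fields used; its CVE ids are placeholders.

```python
import json
import sys

# Constructed, cut-down Trivy JSON report (not real scanner output; the
# CVE ids are placeholders, not real identifiers).
SAMPLE_REPORT = json.loads("""
{"ArtifactName": "registry.example.com/app:ci",
 "Results": [
  {"Target": "registry.example.com/app:ci (debian 12.5)", "Class": "os-pkgs",
   "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-00001", "PkgName": "libssl3", "Severity": "CRITICAL",
     "InstalledVersion": "3.0.11-1", "FixedVersion": "3.0.13-1"},
    {"VulnerabilityID": "CVE-0000-00002", "PkgName": "libc6", "Severity": "HIGH",
     "InstalledVersion": "2.36-9", "FixedVersion": ""}]},
  {"Target": "app/package-lock.json", "Class": "lang-pkgs",
   "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-00003", "PkgName": "lodash", "Severity": "MEDIUM",
     "InstalledVersion": "4.17.20", "FixedVersion": "4.17.21"}]},
  {"Target": "app/requirements.txt", "Class": "lang-pkgs", "Type": "pip"}]}
""")


def gate(report, fail_on=("CRITICAL",), ignore_unfixed=True):
    """Return (passed, blocking): blocking lists the findings that fail the gate.
    ignore_unfixed=True mirrors `trivy --ignore-unfixed`: a CVE with no fixed
    version stays in the report for tracking but cannot block the build,
    because there is nothing to upgrade to yet."""
    blocking = []
    for result in report.get("Results", []):
        # Trivy omits "Vulnerabilities" entirely when a target has none.
        for v in result.get("Vulnerabilities") or []:
            if v["Severity"] not in fail_on:
                continue
            if ignore_unfixed and not v.get("FixedVersion"):
                continue
            blocking.append(
                f"{result['Target']}: {v['VulnerabilityID']} in {v['PkgName']} "
                f"{v['InstalledVersion']} (fixed in {v['FixedVersion']}) [{v['Severity']}]"
            )
    return not blocking, blocking


if __name__ == "__main__":
    # Usage in CI: python gate.py trivy-report.json  (a non-zero exit fails the PR)
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REPORT
    ok, blocking = gate(report)
    print("\n".join(blocking) or "gate passed: no blocking findings")
    sys.exit(0 if ok else 1)
```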

Kubernetes Specifics

  • Namespace isolation + NetworkPolicies for pod-to-pod traffic.
  • Pod Security Standards (Baseline / Restricted) enforce non-root, drop capabilities, no host network.
  • Service accounts with minimal IAM via IRSA (AWS), Workload Identity (GCP), or AAD Pod Identity / Workload Identity (Azure).
  • Secrets via External Secrets Operator or a CSI driver — not Kubernetes Secrets in plain etcd.
  • Audit logging on; ship to your SIEM.
  • Regular kube-bench / CIS Kubernetes Benchmark scans.

A pod manifest that applies these controls:

apiVersion: v1
kind: Pod
metadata: { name: app }
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    fsGroup: 2000
    seccompProfile: { type: RuntimeDefault }
  containers:
    - name: app
      image: registry.example.com/app@sha256:abc123...
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities: { drop: ["ALL"] }
      resources:
        limits: { cpu: 500m, memory: 512Mi }
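
The admission-time checks from stage 3 and the Pod Security Standards bullets, written out as an added Python example (not from the lesson) of the logic an admission webhook runs against a pod before it is scheduled. It evaluates the hardened manifest above and a typical unhardened one; the digest is a placeholder, and image signature verification is left out because it needs the registry and the signing key.

```python
# Constructed pod specs as plain dicts (no PyYAML needed). GOOD_POD mirrors
# the hardened manifest above with a placeholder digest; BAD_POD is a typical
# first deployment with nothing set.
GOOD_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "app"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 1000, "fsGroup": 2000,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "app",
            "image": "registry.example.com/app@sha256:" + "0" * 64,
            "securityContext": {"allowPrivilegeEscalation": False,
                                "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}},
            "resources": {"limits": {"cpu": "500m", "memory": "512Mi"}},
        }],
    },
}
BAD_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "app"},
    "spec": {"hostNetwork": True,
             "containers": [{"name": "app", "image": "registry.example.com/app:latest"}]},
}


def admission_violations(pod):
    """Return the policy violations an admission controller would deny on.
    Pod-level securityContext applies to every container unless overridden."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    violations = ["hostNetwork is not allowed"] if spec.get("hostNetwork") else []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c["name"]
        sc = {**pod_sc, **c.get("securityContext", {})}  # container overrides pod
        if "@sha256:" not in c.get("image", ""):
            violations.append(f"{name}: image must be pinned by digest, not a tag")
        if sc.get("seccompProfile", {}).get("type") not in ("RuntimeDefault", "Localhost"):
            violations.append(f"{name}: seccompProfile must be RuntimeDefault or Localhost")
        if sc.get("runAsNonRoot") is not True or sc.get("runAsUser") == 0:
            violations.append(f"{name}: must run as non-root")
        if sc.get("allowPrivilegeEscalation") is not False:
            violations.append(f"{name}: allowPrivilegeEscalation must be false")
        if not sc.get("readOnlyRootFilesystem"):
            violations.append(f"{name}: root filesystem must be read-only")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            violations.append(f"{name}: must drop ALL capabilities")
    return violations
```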

Serverless (Lambda, Functions, Cloud Run)

The provider patches the runtime — but you still own:

  • Your code and dependencies (npm, pip, NuGet, Maven). Scan them.
  • The execution role / managed identity — the most common over-privilege spot.
  • Trigger configuration — public API Gateway with no auth, S3 trigger from a public bucket, Pub/Sub with broad publishers.
  • Secrets — pull from KMS / Key Vault / Secret Manager, never as plain env vars.
  • Layer hygiene — Lambda layers and Functions extensions are shared trust surface.

Supply-Chain Security

Modern attacks target build pipelines and dependencies, not the running workload.

  • SBOM (Software Bill of Materials) for every artefact — Syft, Trivy, ORAS.
  • Sign artefacts at build (Sigstore Cosign), verify at deploy (Kyverno, AWS Signer, Defender).
  • SLSA framework provides levels of build integrity to aim for.
  • Dependabot / Renovate / Snyk for transitive dep updates.
  • Pin GitHub Actions to commit SHAs, not tags.

The CI/CD course covered the pipeline side; here, the focus is the artefact you ship.

Runtime Protection

Detection that watches actual behaviour:

  • Falco — open-source, Kubernetes-native, eBPF-based.
  • AWS GuardDuty for EKS / EC2 — managed runtime monitoring.
  • Azure Defender for Containers / Servers — agentless and agent-based.
  • GCP Security Command Center Premium / Container Threat Detection.
  • CNAPP platforms (Wiz, Prisma, Sysdig, Aqua, Lacework) cover runtime + posture across clouds.

Look for: unexpected outbound connections, crypto-mining processes, modifications to sensitive files, container escape attempts, kubectl exec from untrusted networks.

The Practical Bar for Production

  • Images built from a small set of approved bases.
  • Image scanning in CI and registry; block on critical CVEs.
  • Signed images verified at admission.
  • Containers run as non-root, read-only fs, dropped capabilities.
  • Workload identity (no static creds in containers).
  • Patching SLA tracked and reported.
  • Runtime threat detection on; alerts go to the SOC / on-call channel.

Hit those and you are ahead of most teams. The rest is iteration on alert quality and policy granularity.

Key Takeaways

  • Patch VMs continuously or replace them — golden images plus immutable infrastructure beat patching in place.
  • Scan container images at build, registry, and runtime; block deploys that fail policy.
  • Run containers as non-root, read-only filesystem, with minimum capabilities.
  • Serverless inherits a lot of provider security but you still own the code, dependencies, and IAM role.
  • Runtime protection (Falco, Defender for Containers, GuardDuty, Wiz Runtime) catches what scanners miss.
