Container Security 101: Expert Explains Immutability, Air Gaps and Verification

Containerized workloads have brought flexibility and scale to hybrid environments, but they've also become a prime target for attackers. During the Virtualization & Cloud Review Container Security 101 Summit held today, Greg Schulz emphasized that one of the most overlooked areas of protection is backup infrastructure itself.

Schulz, founder and senior advisor at Server StorageIO and a longtime Microsoft MVP, explained why data protection needs to go beyond routine snapshots and extend to immutability, air-gaps, and verification.

"Ransomware isn't just about locking files -- it's about taking away your options."

Greg Schulz, founder of independent IT analyst firm Server StorageIO

Immutability as Non-Negotiable
Schulz noted that backup systems are often the first thing adversaries target. "Ransomware actors want to encrypt or destroy backups, so ensure that your initial containment is protecting those systems," he said.

To counter this, immutability--making sure data cannot be altered once written--has become a foundational requirement. Schulz told attendees that without immutable storage, organizations risk discovering too late that every recovery point has been corrupted.

Data Protection and Resiliency Minimize Organizational Impact
[Click on image for larger view.] Data Protection and Resiliency -- Minimize Organizational Impact (source: Greg Shulz).

Air-Gaps for Extra Insurance
The next safeguard he highlighted was air-gapping--keeping copies isolated from the production network. "A flat network is much harder to contain than a segmented network," Schulz explained, drawing a connection between network design and the ability to preserve clean backups.

By physically or logically separating critical data stores, defenders can slow down attackers and ensure recovery options remain intact even if live systems are compromised.

Verification and Drills
Even with immutability and separation, restoration is not guaranteed. Schulz urged teams to test regularly: "Start to bring machines online slowly in small groups," he advised, noting that rushing can reintroduce hidden attacker tools from contaminated backups. He stressed that verification exercises are the only way to build confidence that recovery will work when it's needed most.

"Plugging that initial point of entry is going to be important to prevent re-infection," he added, pointing out that restoring without fixing the original vulnerability just resets the cycle.

From Backup to Resilience
Schulz positioned these practices as part of a broader resilience strategy. The focus, he said, should not be on blame but on closing monitoring gaps and briefing executives on a clear plan for improvement.

"This is not a blame session, instead it is necessary to find gaps in monitoring," he explained. By making immutability, air-gaps, and verification routine, organizations can prevent a crisis from turning into catastrophe and ensure container environments are better prepared for the next incident.More details from Schulz's full presentation are available in the Container Security 101 Summit replay.

And More
Beyond those top topics discussed above, Schulz also covered a range of other key topics. You can learn all about those in the replay.

And, although replays are fine -- this was just today, after all, so timeliness isn't an issue -- there are benefits of attending such summits and webcasts from Virtualization & Cloud Review and sister sites in person. Paramount among these is the ability to ask questions of the presenters, a rare chance to get one-on-one advice from bona fide subject matter experts (not to mention the chance to win free prizes -- in this case a Nintendo Switch awarded by sponsor Wiz, which also presented at the summit).

With all that in mind, here are some upcoming summits and webcasts coming up from our parent company in the next month or so:

About the Author

David Ramel is an editor and writer at Converge 360.

Featured

Subscribe on YouTube