TL;DR: Containerization improves portability and density, but its shared-kernel model shifts security risk into images, registries, orchestration, and runtime settings, according to Orca Security. For IAM and platform teams, the governance challenge is to control workload identity, RBAC, secrets, and admission policy as one operating model, not as separate checklists.
At a glance
What this is: This guide explains how containerization works and why its shared-kernel security model creates risk across images, registries, Kubernetes, and host configuration.
Why it matters: It matters because container security failures often present as identity and access problems, so IAM, PAM, NHI, and platform teams need one governance model for workload permissions and secrets.
👉 Read Orca Security's full guide to containerization security risks and strategies
Context
Containerization packages an application and its dependencies into an image that runs as processes on a shared host kernel. That design improves portability, but it also means security depends on the surrounding controls rather than on a full guest operating system boundary.
For identity teams, the important question is not whether containers are secure in the abstract. It is whether image provenance, registry access, Kubernetes RBAC, secrets handling, and host hardening are aligned well enough to prevent a small deployment mistake from becoming an environment-wide exposure.
Key questions
Q: How should security teams govern container workloads with Kubernetes RBAC?
A: Treat Kubernetes RBAC as workload identity governance, not just cluster administration. Grant only the verbs required for deployment and runtime access, separate human operator rights from service account rights, and prevent cluster-admin from becoming the default path for application delivery. Combine RBAC review with admission control so excessive privilege is stopped before a pod starts.
Q: Why do containers create more lateral movement risk when secrets are poorly handled?
A: Containers commonly expose credentials through environment variables, mounted files, and attached service identities. If those secrets are reused or left broad in scope, a compromise of one container can become access to other workloads, namespaces, or cloud resources. The risk is not the container alone, but the identity and secret lifecycle around it.
Q: What breaks when container admission controls are missing?
A: Without admission controls, risky workloads can run with privileged mode, host mounts, weak security contexts, or unreviewed image provenance. That means the platform may accept a workload that scanning alone would not have blocked, and the result is a deployed configuration with avoidable escape and lateral movement paths.
Q: Which frameworks should teams use to govern container security risk?
A: NIST SP 800-190 and the CIS Kubernetes Benchmark are the clearest starting points for container governance. Use them to structure controls across image scanning, RBAC, admission policy, and host hardening, then tie those controls back to your broader identity and access programme so workload permissions are not managed in isolation.
Technical breakdown
How container images and runtime layers create the attack surface
A container image is an immutable build artifact, while the running container adds a writable layer at runtime. That distinction matters because risk is introduced in both places: in the image through vulnerable packages, exposed secrets, and untrusted base layers, and at runtime through environment variables, mounted files, and overly broad permissions. The engine and orchestrator then decide how the workload is scheduled, isolated, and connected. If policy is only applied at build time, the runtime layer can still expose the workload to privilege escalation or secret extraction.
Practical implication: treat image provenance, runtime settings, and secrets injection as one control plane, not three separate reviews.
Why Kubernetes RBAC and admission control matter more than image scanning alone
Image scanning finds vulnerabilities, but it does not stop a workload from starting with excessive privileges. In Kubernetes, RBAC controls who can create, modify, or access objects, while admission policies decide whether a pod is allowed to run with risky settings such as privileged mode, hostPath mounts, or weak security contexts. This is where container security becomes identity governance as much as infrastructure protection. A clean image deployed under cluster-admin permissions still creates lateral movement risk, because the orchestration layer becomes the real enforcement boundary.
Practical implication: pair image scanning with admission policy and RBAC review so runtime permission is blocked before deployment.
How secrets and service accounts expand container compromise
Containers commonly read configuration from environment variables, mounted files, and service identities attached to the workload. That makes secrets exposure especially damaging, because stolen credentials often outlast the container itself and can be reused elsewhere in the platform. The article also notes that misconfigured service accounts and cluster-admin privileges can enable lateral movement across environments. This is an NHI problem as much as a container problem, because API keys, tokens, and workload identities become the practical bridge from a local compromise to broader cloud access.
Practical implication: inventory container secrets and service accounts as governed non-human identities with explicit scope and rotation.
Threat narrative
Attacker objective: The attacker aims to turn a workload-level foothold into broader cluster or cloud control by abusing the container's credentials and permissions.
- Entry typically begins through a vulnerable image, exposed secret, or a workload created with overly broad permissions on the cluster.
- Escalation occurs when the attacker reaches a privileged container, a dangerous host mount, or a service account with access beyond the workload's intended scope.
- Impact follows through container escape, lateral movement across namespaces or accounts, and unauthorized access to data or cloud resources.
Breaches seen in the wild
- LiteLLM PyPI package breach — LiteLLM PyPI supply chain attack, credentials stolen from users.
- DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Container security is now an identity governance problem, not just a platform-hardening problem. The article is right to frame images, registries, orchestration, and host settings as a single attack surface. In practice, the most dangerous failures are permission failures: who can deploy, what the workload can reach, and which secrets it inherits. Practitioners should govern containers as an identity-bound workload model, not as a packaging format.
Workload identity inside containers is the control point that determines blast radius. Containers rarely fail because they run at all. They fail when their attached identities, mounted secrets, or cluster permissions let an otherwise ordinary process reach beyond its intended scope. That is why container programmes need the same lifecycle discipline applied to other non-human identities: creation, scope, review, and offboarding. Practitioners should treat service accounts and token sprawl as first-class governance objects.
Least privilege in containers fails when teams treat Kubernetes defaults as acceptable policy. The article highlights privileged containers, host mounts, and broad RBAC as common risks, and those are all examples of access granted too early and too widely. Identity blast radius: this is the right named concept here because one mis-scoped workload identity can turn a single pod into an access bridge across namespaces, nodes, and accounts. Practitioners should measure how far a compromised container can move before controls stop it.
Container hardening should be evaluated as a joined control chain from build to runtime. Image provenance, registry controls, admission policy, RBAC, and host configuration all have to hold at once. The article shows why isolated tooling is not enough: a scanned image can still deploy with dangerous permissions, and a locked-down runtime cannot compensate for secrets baked into the build. Practitioners should align controls to the full container lifecycle rather than treating any single checkpoint as sufficient.
From our research:
- 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems, according to the 2026 Infrastructure Identity Survey.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
- For the broader shift in identity governance, see Ultimate Guide to NHIs , What are Non-Human Identities.
What this signals
Container programmes are converging with identity governance because the operational control that matters most is no longer just node hardening, but who or what can act inside the cluster. Teams that still treat service accounts, tokens, and registry access as secondary concerns will keep rediscovering the same failure mode at different layers of the stack.
Identity blast radius: this is the practical lens to apply when evaluating container risk. Once a workload identity can reach secrets, metadata services, or privileged APIs, the technical boundary of the container is less important than the access it carries into the rest of the environment.
For teams building out policy, the useful next step is to connect container controls with broader NIST-aligned governance using the NIST Cybersecurity Framework 2.0. That keeps build, deploy, and runtime controls in the same governance conversation instead of splitting them across platform and security teams.
For practitioners
- Map container workloads to explicit workload identities Inventory which service accounts, tokens, API keys, and certificates each workload uses, then assign scope by namespace, service, and environment so no container inherits broader access than it needs.
- Block risky container settings before deployment Use admission controls to reject privileged containers, hostPath mounts, Docker socket mounts, and security contexts that allow unnecessary kernel or node access.
- Review Kubernetes RBAC as an access governance control Audit who can create pods, modify secrets, and bind cluster-admin roles, then remove permissions that are convenient for operations but unnecessary for workload delivery.
- Separate secret injection from image build pipelines Keep credentials out of image layers and source repositories, inject them at runtime, and rotate them on a schedule that matches workload lifetime and exposure risk.
Key takeaways
- Container security failures often begin as identity failures, because the real risk is the permissions and secrets attached to the workload.
- A container can look clean at build time and still be dangerous at runtime if RBAC, admission policy, or host settings are too permissive.
- Teams should govern containers as part of the wider identity programme by controlling workload identities, secrets lifecycle, and deployment permissions together.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Secrets and workload identities are central to container risk in this guide. |
| NIST CSF 2.0 | PR.AC-4 | Container RBAC and least privilege map directly to access control governance. |
| NIST Zero Trust (SP 800-207) | SC-7 | Admission control and network boundaries support zero-trust segmentation for containers. |
Review container and cluster access against least privilege, then remove broad operator and workload permissions.
Key terms
- Container Image: A container image is an immutable package that holds an application and its dependencies. It becomes the starting point for a running container, so anything embedded in the image, from packages to secrets, can shape both functionality and security exposure.
- Kubernetes Admission Control: Admission control is the policy gate that decides whether a workload is allowed to run in the cluster. It is one of the most important enforcement points for stopping privileged settings, unsafe mounts, and noncompliant deployments before they become active risk.
- Workload Identity: Workload identity is the set of credentials or trust relationships a service uses to authenticate and access resources. In container environments, it often determines whether a compromised pod can stay local or expand into cloud APIs, registries, and other workloads.
- Identity Blast Radius: Identity blast radius is the amount of access a compromised identity can reach before controls stop it. In container environments, it depends on service account scope, secret reuse, namespace boundaries, and whether the platform prevents privilege escalation early enough.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Orca Security: Containerization Security: Risks and Strategies. Read the original.
Published by the NHIMG editorial team on 2026-06-11.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
