DockerCon 2017 is around the corner, starting in a few short days. Like most attendees, I like to look for the sessions that most impact my professional life. Lately that’s container security at production scale, and if you’ve dug into the topic in the past you’ll know it’s a bit messy! The following are the top four sessions I plan on attending, and why I feel them to be important.
1. The Future is Cloud Native
I think this is a fair statement, but also a huge challenge. Over my career there have been many disruptive technologies and architectures. Individually they’ve led us to the concept of cloud native applications, but for many development teams and enterprises I speak to, there are challenges. Most agree that if you’re starting a new enterprise you’d be crazy not to embrace the precepts of “Cloud Native Applications” and microservices. If you’re coming from an existing enterprise with existing application stacks, getting from “what you have” to cloud native isn’t always that easy. I’m hoping this star panel will give some nuggets of wisdom I can use to ease the concerns my customers have over containerizing applications.
2. Containers – Part of a Balanced Diet for Successful IT
As part of enterprise migration to containerized service delivery, there is a natural hesitation with rapidly moving technologies like Docker. What gets lost in the discussion is the fact that Docker is based on the proven technology of Linux containers. This firm grounding stabilizes the security of containerized applications, enabling us to confidently deploy containerized applications at scale.
3. Securing Containers – One Patch at a Time
Patching systems is a well-defined process for enterprise operations teams. Patching containers involves an entirely different process, one that is complicated by scale. While most container orchestration solutions can help in the patching process, it’s important to understand why you need a well-defined container update procedure. This session promises to cover how container escapes can happen, with a focus on CVE-2016-9962.
4. Secure Substrate – Least Privileged Container Deployment
While engineering teams are trained in concepts of least privilege, the reality is that when the pace of development is fast, security shortcuts are often the result. Compromising a container with elevated privileges can quickly grant access to information or capabilities that can facilitate additional attacks. If you’ve seen any of my talks or webinars, you’ve probably heard me talk about the “scope of compromise.” Preventing security beachheads from being created is a big topic for me, and I’ll be very interested in learning what additional measures I can take to limit the impact of any attack on my containers.
If you’re at DockerCon and would like to compare notes on container security, please do let me know. I'll be at Black Duck's booth #S6 or you can reach me on Twitter at @TiminTech. I’ve been working on a cool project that will be unveiled later this quarter, and if you ask about it, I might “leak” a few details ;)