Container Defense in Depth


The new age of image-based containers exploded onto the scene in early to mid-2013. Since the early days of the Docker container engine, we have heard questions about whether containers were secure enough. Our very own Dan Walsh was heard many times saying, "Docker containers don't contain," so the question is: can we safely use them, especially in production?

Well, containers are really just fancy files and fancy processes, which means that almost all of the current information assurance techniques we have are applicable to containers. In fact, many of the tools we have today can be applied more effectively to containers. If we can reprogram our architect brains a bit, we can apply a lot of what we know today to containers.

Let's start by thinking about the control points that we have in a containerized environment. There are three main components to a production container environment. We can control information flow at each layer.


Read more at The New Stack