Bringing trust to the application container world

“Docker malware is now common, so devs need to take Docker security seriously,” says Catalin Cimpanu in his article for Zero Day. Things went wrong when business went into raptures over the freedom brought by containers. Of course, who would dare to refuse the holy grail? Any server with one click, without CISOs and CIOs lamenting over security, Return on Investment etc.? Sure, let’s have one!

Usually there was no choice, be quick or be dead: DevOps got the container image from a hub in minutes, deployed it in a cloud with their software and there it was: an unshielded but functional (=profitable) service. Then, after a few days/months, comes the bill for leaked secrets, compliance fines and disappointed clients, and the profit/loss balance goes to hell. Or, if you were lucky, the security guys order you to immediately hunt for flaws and build safeguards into your (running) system, spoiling the UX and spending thousands on redesigning – at least that.

A few questions should have come up in the meantime:

  • Are the downloaded container images trusted? The mentioned article shows clearly: they were – although they should not have been…
  • Are the risks assessed? Or at least known? Probably not, otherwise the profit/loss would look different…

This is where Defenselayers’ approach comes in: DevOps would not have to trade security for time anymore. DevOps use our Secure Container Factory to deploy containers that are safe and compliant out of the box. Why trust? Mainly because the containers’ production cycle embraces the idea of security-by-design/default: from choosing only needed, secure and vulnerability-free components, through configuration with security in mind, up to final malware scanning – the result is a trusted, antiseptic and safe product.
