Are containers secure by default? Do containers perform well? Can you run databases in containers? Can you run network scanning tools in containers? The best way to answer these questions is by replacing the word “container” with the word “process” and asking each of them again. This puts you in the right frame of mind to answer these questions and more. If Jiu Jitsu is the gentle art of folding clothes while people are still in them, so too, containers are the gentle art of running regular processes with extra security constraints in place.
In this session we will cover the security implications of running software in containers. We will refresh some basic concepts around confidentiality, availability, integrity, nonrepudiation, defense in depth, and how to think about tenancy. Then we will cover how these concepts affect container images, container hosts, and the orchestration layer.