Build resilient systems at scale
May 27–29, 2015 • Santa Clara, CA

Operating Docker securely for speed and profit

Jen Andre (Komand)
11:50am–12:30pm Thursday, 05/28/2015
Location: Ballroom GH
Average rating: ***..
(3.10, 10 ratings)

Prerequisite Knowledge

Some knowledge about the use cases for Docker or containers in general

Description

What’s old is new again: Docker has made containers the new hotness all over again. It’s been vaunted as another tool to make deployments faster and infrastructure simpler to manage. But with Docker’s popularity has come a lot of debate regarding whether or not Docker containers are safe for production deployments. As with most emerging technologies, this isn’t a question with a clear ‘yes’ or ‘no’ answer; it highly depends on your use case, and how you operationalize the technology.

Out of the box, Docker integrates with Linux technologies natively (process capabilities, user namespaces, AppArmor, SELinux) that ‘sandbox’ the activity a container can do. However, by default it does it in a generic, non-application-specific way. But you can do so much more!

In this talk, Jen will give you an introduction to the Docker security model as it stands today, some possible pitfalls to be aware of, and how to work within that model to make sure you are not introducing risk. She’ll discuss interesting knobs and whistles you can configure (such as AppArmor profiles) to harden your containers, and some interesting open-source tools that make that job easier.

Jen Andre

Komand

In addition to being co-founder at cloud-security company Threat Stack, Jen has worked in R&D at catch-the-bad-guys company Mandiant and as a security analyst and software engineer at Symantec. Jen loves security, open source, automation, and especially loves where these things intersect (which is why she likes to talk security at ops-related conferences and blog about these subjects all over the place).