
Containers for Dummies

Issue link: https://insights.oneneck.com/i/1293607


Containers For Dummies, HPE and Docker Special Edition

These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

To maintain agility, you should consider introducing a security element into any DevOps effort you undertake. Security processes can be automated using tools that have published application programming interfaces (APIs), which can be integrated as part of your continuous integration (CI)/continuous deployment (CD) pipeline.

Docker containers are quite secure by default, and you can increase their security by following a few best practices.

» Manage your container-based processes using non-privileged user accounts. In other words, don't use root for everything.

» Make sure to use trusted images. A compromised image can get past even your best security measures. Make sure that the source from which you obtain images is trusted and secure. It's often recommended that enterprises undertaking Docker projects use their own private registries. If you're using a public repository, make sure downloaded images have a valid signature. Docker makes it super simple for you to sign your own images, too. Whereas a security authority in traditional infrastructure can be a beast to manage, Docker Datacenter includes a built-in notary server and already has the infrastructure set up to do this for you. All you need is Docker EE Standard or Advanced, which includes Docker Datacenter, and you'll have all the infrastructure you need to sign your own images and keep your environment safe.

» Consider additional security layers. You can use tools such as Security-Enhanced Linux (SELinux) to harden your Docker hosts. You can also use Docker Bench, which is a script that checks for dozens of common security best practices around deploying Docker containers in production.

Storage

If you're undertaking a Docker enterprise deployment, you need to consider storage. Just as you did for physical servers and virtual machines, you need a place for workloads to reside and store their data. Here's how storage works in Docker: In a container, if you make changes during runtime, those changes are saved in the read/write layer that is attached to that container when it's initialized.
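
The container security practices listed above (non-root users, trusted image sources, SELinux) can be checked automatically as a CI/CD step. The following is an added example, not code from the book or from Docker: it audits `docker inspect` JSON, and the sample records, container names and the registry host `registry.example.internal` are constructed assumptions.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
# Container names, image names and the registry host are made up.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "Config": {"User": "", "Image": "nginx:latest"},
   "HostConfig": {"Privileged": true, "SecurityOpt": ["label=disable"]}},
  {"Name": "/api",
   "Config": {"User": "10001:10001",
              "Image": "registry.example.internal/team/api:1.4.2"},
   "HostConfig": {"Privileged": false, "SecurityOpt": null}}
]
""")

# Assumption: images are expected to come from your own private registry.
TRUSTED_REGISTRIES = ("registry.example.internal/",)

def runs_as_root(user):
    """An empty User field means the container runs as root (UID 0)."""
    uid = (user or "").split(":")[0]
    return uid in ("", "0", "root")

def audit(container):
    """Return a list of findings for one `docker inspect` record."""
    cfg, host = container.get("Config", {}), container.get("HostConfig", {})
    findings = []
    if runs_as_root(cfg.get("User")):
        findings.append("runs as root")
    if host.get("Privileged"):
        findings.append("privileged mode")
    if not cfg.get("Image", "").startswith(TRUSTED_REGISTRIES):
        findings.append("image not from trusted registry")
    # `--security-opt label=disable` (older form: label:disable) turns off
    # SELinux label confinement for that container.
    opts = host.get("SecurityOpt") or []
    if any(o.replace(":", "=") == "label=disable" for o in opts):
        findings.append("SELinux labeling disabled")
    return findings

def audit_all(containers):
    """Map container name -> findings, keeping only containers with findings."""
    report = {c["Name"].lstrip("/"): audit(c) for c in containers}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    failures = audit_all(SAMPLE_INSPECT)
    for name, findings in failures.items():
        print(f"{name}: {', '.join(findings)}")
    raise SystemExit(1 if failures else 0)  # non-zero exit fails the CI job
```

Image signatures are verified at pull time (for example with `DOCKER_CONTENT_TRUST=1`) and do not appear in `docker inspect` output, so this check does not cover them.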
