Issue link: https://insights.oneneck.com/i/1293607
24 Containers For Dummies, HPE and Docker Special Edition These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. Security is a key concern for just about every company on the planet, especially as we see more and more leaks of confidential information hitting the black market. No matter how you run your workloads, you need to keep security top of mind. Here's the current scenario: In the context of containers, people often talk about security as one of the challenges with the tech- nology. However, the devil is always in the details. Keep in mind that containers remain relatively new compared to other tech- nologies, and there will be gigantic leaps forward in all areas. When people talk about container security, they're often talking about availability. It's true that knocking a container host offline will probably impact more individual workloads than if you take down a virtualization host. That's just the laws of physics at play. You have the potential for far more workloads operating on a container environment, so more workloads are impacted when something happens. There are a couple of key security items that you should keep in mind with regard to containers: » Operating system (OS) compromise: In a traditional application deployment, an OS compromise via an applica- tion would compromise the entire server. With containers, however, while some container exploits have exposed the host operating system, Docker is constantly working on improving security and the container construct itself can provide some abstraction that can thwart certain attacks. » Compromised images: If you download images from untrusted sources, you might be at risk of installing malware into your organization. However, there is a way to avoid this. You have the ability to sign or to check vendor signatures on all the images prior to running them, thereby ensuring the validity of the container image and minimizing the risk of infection from malware. In addition, you can add metadata to the container to indicate whether the image can be run in a production environment. A seamless hybrid environment: Physical, virtual, cloud In the world of containers, infrastructure becomes an application platform rather than just data center hardware. To understand