Securing Kubernetes From Within and Without

Overlaying security solutions to protect converged infrastructure and cloud-native environments can be tricky.

Enterprises using Kubernetes in hybrid cloud environments are reaping the benefits of development velocity and scalability, but they are also finding that traditional security measures are not able to address the challenges of cloud-native applications built of containers and hosted on virtualized infrastructure. Especially when migrating traditional software to containers and hybrid cloud environments, enterprises are at a loss for how to secure their applications.

Full Lifecycle Container Security

According to our 2019 DevSecOps Community survey of over 5,500 IT professionals, just 24 percent of companies with mature DevOps practices have integrated and automated security into their DevOps pipeline; that drops to 3 percent for those without a DevOps practice. While integrating security into the development process is a big culture shift, the benefits in security compliance and eventual cost savings far outweigh the initial friction.

But, alas, that is a case for different posts and presentations.

Ensuring Container Image Security: A Must-Have in DevSecOps

With the rise of new tech, a plethora of engineering jobs become available. This has opened up a number of unique and diverse career paths for software testers as well, such as security testing and management. In this article, you’ll find information about why focusing on security is so important to the advancement and sustained usage of containers, giving you a glimpse into the world of security testing.

Ensuring Container Image Security: A Necessary Step in Application Testing

Containers have introduced a new level of efficiency and power to distributed computing. Yet, the advantages that containers provide can be offset easily by the security risks they incur, unless an enterprise practices constant vigilance.

Tom’s Tech Notes: What You Need to Know About Container Security [Podcast]

Welcome to our latest episode of Tom's Tech Notes! In this episode, we'll hear advice from a host of industry experts about how to secure your containers. Learn some tips about planning security policies, patching, and orchestration as the container ecosystem grows more complex.

As a primer and reminder from our initial post, these podcasts are compiled from conversations our analyst Tom Smith has had with industry experts from around the world as part of his work on our research guides.

Container Concerns

To understand the current and future state of containers, we gathered insights from 33 IT executives who are actively using containers. We asked, "Do you have any concerns regarding the current state of container environments?"

Here's what they told us:

Orchestrating and Deploying Containers

To understand the current and future state of containers, we gathered insights from 33 IT executives who are actively using containers. We asked, "What are the most important elements to orchestrating and deploying containers?"

Here's what they told us:

Strategies and Technologies for Container Security

When adopting any new technology, the ability of that technology to mitigate or reduce security risks should always be on the table. Organizations hesitant to adopt containers are often wary of how their existing processes and paradigms address the challenges of securing containers in production.

For their many benefits, containers effectively represent a new layer in the application stack, which requires a new way of thinking about application security. In its Application Container Security Guide, NIST points out that as containers revolutionize application deployment, organizations must adapt their security strategies to new, dynamic production environments.

Secure Docker in Production

Are you using Docker for development and testing purposes but have not yet taken the step to use it in production? Then read on, because in this blog post we will take a look at how you can ensure that you run your Docker containers in a secure way.

The CIS Benchmark

The default Docker installation does not provide enough security for use in production. Neither do the numerous examples of Dockerfiles you can find on the web. Even the Dockerfiles in some of our previous blog posts are not production-ready. How do we know what to do in order to run our Docker containers in a secure way? This brings us to the Center for Internet Security (CIS). The CIS provides best practices for securing IT systems and data against attacks. These best practices are identified and verified by a community of experienced IT professionals. In our case, we will take a look at the CIS Benchmarks page. Here we find a lot of benchmarks for operating systems, devices and software. Within this list, the CIS Benchmark for Docker Community Edition 1.1.0 is available. It is freely downloadable, but you do need to provide your contact details, after which a download link is sent to your email address. This will also give you access to the other CIS benchmarks.