In fact, the admin often controls so much that it is his or her user credentials that are the keys to the kingdom. It is usually the cloud admin who has the keys to the kingdom. At cloud scale, this becomes more complicated. It’s human nature to give control to a few parties, exposing an organization to all sorts of vulnerabilities. Too often, though, the attention centers on the unknown, when in reality, attacks are far more often about social engineering. But security is designed to be just the opposite. Compromises are inherent to Docker containers.ĭocker reflects the desire for less and less friction. Docker does not contain something as much as it provides a service. The problem: when it’s too easy, issues arise. There is no inherent security to a Docker container. The easier it is to run, the more likely you are to overlook the checks and balances. Security becomes a secondary factor with the need to scale ever higher. Listen to all TNS podcasts on Simplecast. #9: Docker’s Inherent Lack of Security, the Black Hat View We used this discussion as the starting point for a larger conversation about the rise of application development, the context of trust, and the industry’s overall flawed fascination with making things easy to use. At the Black Hat conference last week, I sat down with Adallom’s vice president of marketing, Tal Klein EMC’s senior director of trust, Davi Ottenheimer and Ryan Potter, Fortinet’s senior director of strategic alliances, to discuss the security features of Docker.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |