Container Security at DockerCon EU
DockerCon EU 2015 in Barcelona, Spain, kicked off with a podcast session hosted by The New Stack’s Alex Williams, recorded live for this edition of The New Stack Analysts. This time, waffles — not short stacks — were on the menu, but no one was heard to complain, because of Barcelona.
Nor did the early-morning panel waffle as it discussed container security and monitoring, the rapid adoption of Docker and Kubernetes, and defining the abstract notion of “microservices.” The result was a brisk and forward-looking discussion that captured the enthusiasm at the beginning of the conference.
Joining in the discussion were:
- Chenxi Wang, chief strategy officer at Twistlock.
- Jérôme Petazzoni, senior engineer at Docker.
- Fintan Ryan, analyst at RedMonk.
- Kit Merker, product manager at Google.
This podcast is also available on YouTube.
For Docker’s self-described “Tinkerer Extraordinaire” Petazzoni, the convergence point is the industry and the community. “I’m really excited to see that Docker, which was really born from its community at first, is now gathering this community and industry together in an event like this,” he said.
Earlier in the discussion, Williams asked Petazzoni about security concerns and shared responsibilities among users as more and more containers go into production.
“We’ve seen security evolve significantly between one year ago, when people were mostly concerned about isolation, and more recently when the focus shifted to the provenance of those containers,” said Petazzoni.
“If we follow the microservices idea of putting each different, little thing in a different cell or container, instead of having this giant, monolithic application that also changes itself and spins up more resources, we can have this application with front ends and back ends, and then we can have another service that is still part of the application but runs separately, and will take care of adding resources and changing resources.”
“Today, I think people are trying to find out what security for containers exactly means. There’s a lot of people worrying about, ‘containers are less secure than VMs,’ or something like that. That’s the wrong mindset. The right mindset is to remember that security is always a matter of layers, and security is depth and that containers are one extra layer. Instead of being afraid of, ‘I have less security because I have less containers,’ it’s always one extra layer. Any infrastructure with containers will always be more secure than the same infrastructure without containers.”
Docker and Intel are sponsors of The New Stack.