Increasingly, companies are looking closely at, and adopting, containers in their IT operations. After all, containers have broad appeal. But they also change how companies develop, deploy and manage applications, which makes security particularly important. Join this webinar, now available on demand, to learn about best practices for container security and to get a closer look at the Red Hat OpenShift Container Platform.
Led by Kirsten Newcomer, manager, Portfolio & Solutions Security Marketing, Red Hat, with Aaron Weitekamp, senior software manager, Red Hat, the webinar also covers how to:
- Automatically scan ImageStreams for security vulnerabilities.
- Proactively monitor for vulnerability disclosures.
- Identify security issues within the software supply chain.
- Gate deployments based on policy.
Containers make it easier to “package an application and all of its dependencies into a single image that can be promoted from development to test to production, without change,” Newcomer notes in the webinar. “This makes it easy to ensure consistency across all environments, including physical servers, virtual machines, public or private clouds. All of this makes it easy for teams to develop and manage the applications that drive business value.”
But Newcomer stresses that the “pace of development and deployment of containers at scale challenges the traditional and relatively static enterprise security model, and enterprise use of containers requires strong security.”
Without consistent management and introspection, it can be easy to lose track of container images and their content. In order to get the business advantage of containers, enterprises need to evolve their approach to security, according to Newcomer. Red Hat’s model for container security stresses the integration of security throughout the lifecycle of the container and throughout the layers of the solution stack.
Many enterprises rely on public images to build containers, and these container images often contain open source code. This is why it is important to know where the images come from, who built the image, and whether there is any malicious code, Newcomer says. It’s also important to know how frequently the images are updated.
The Red Hat Container Catalog offers certified images for customers, and Red Hat uses established processes for identifying and fixing vulnerabilities and then delivering the fixes to customers.
“Security is an underlying theme for Red Hat,” says Weitekamp. “We are connected with a diverse vulnerability identification ecosystem, with upstream project relationships of vendors and individuals that enable us to respond rapidly to vulnerabilities.”
During the webinar, Newcomer and Weitekamp outline several best practices for securing containers that can be used no matter what container platform a company is using. For example, it is recommended that companies manage container content in private registries during the build and continuous integration (CI) processes and the deployment processes. It is also important to understand that protecting each layer of the container is critical: the operating system, the runtime, and the application layers.
The private registries need access controls, should support storing metadata on images (metadata about security and known vulnerabilities), and should also support automated policies around the use of those images. It’s also important for companies to integrate automated security and testing into their build processes, such as static analysis, software composition and container scanning tools.
OpenShift includes a private registry that supports storing metadata and automated policies. It also supports multiple approaches to building container images, i.e., sourced images, integrated Jenkins instances, and the ability to integrate a company’s own CI processes.
Watch the on-demand webinar now to learn more about container security and OpenShift.