Image via aroberts
If you pay any attention at all to the world of food or food production (I mean, we all eat, right?), you’ll notice a distinct trend emerging - many producers are also starting to label their foodstuffs as “organic” or “all-natural.” More than just food, however, organic can also apply to Linux containers - specifically, Linux container security.
It’s not as crazy as it sounds. Think of “organic” container security as built-in - the security is inherent to the code (genetics) of a specific solution, built from the ground up along with the rest of a solution’s features. So what’s “non-organic” container security look like it? It’s more of a “bolt-on,” where code is added after the container solution is built to make it more secure.
While the bolt-on container security approach may work, these security features often add more complexity or, worse, closed/proprietary code to a solution. Going back to the culinary world, this is similar to heavily-processed/artificial food - you don’t know exactly where the modifications to the genetic code took place and you aren’t sure exactly what was modified, but you’re told that it’s okay for you to eat.
That may be fine for food (we have the regulatory bodies for a reason), but it may not be okay for software that’s intended to run on mission-critical systems.
Security as a Fundamental Tenet, Not a Feature (and Certainly Not an Option)
Red Hat’s entire approach to software security, not just container security, can be considered organic. For us, security isn’t a “feature;” it’s a fundamental, core part of our products that is a focus from day one. We start at the upstream level by engaging and collaborating with the upstream communities that create open source code, ultimately helping to drive the creation of more secure software from inception.
We then keep this focus on security as this upstream software moves through the hardening and productization of the open source code - there’s no “open core” or “add-on” bits. For our container technologies, including Red Hat Enterprise Linux Atomic Host and OpenShift, our container application platform, we leverage OpenSCAP (a more secure software scanning protocol) and, of course, SELinux, a Linux kernel security module that provides support for mandatory access control policies, among other open source security components.
These aren’t features nor are they add-ons - they’re fundamental components of our solutions. In this way, we provide security organically - we don’t sell something extra, nor do we try to slap on closed code. We understand that security isn’t a feature, it’s a process that has to start on day one.
Security’s No Compromise...and Neither is the Operating System
Shocking though it may be, the security debate around containers, from organic to artificial, boils down to one simple concept: the operating system. Red Hat has long said that the operating system matters, no matter how abstracted the various layers of the computing stack become, and security is one of the primary reasons.
A more secure foundation for container implementations is critical, and something that Red Hat has been providing for more than a decade with Red Hat Enterprise Linux. Hardened code, integrated software security functionality and quicker responses to vulnerabilities are just a few of the components that have made Red Hat Enterprise Linux the world’s leading Linux platform in the data center, and we bring these same technical achievements and expertise to Linux containers.
There’s no one silver bullet for running Linux containers - when it comes to the magic word, some players push “small footprints” while others shout about management or speed. It’s not just one of these things that matters the most - they all do, and security is high on the list. Red Hat is a leader for not only containers, but also delivering an ecosystem for Linux container deployments, from the operating system to orchestration to management...all delivered with more secure computing technologies and the support for which we are known.
Scanning Isn’t Enough
Beyond our technology, we don’t just provide tools for scanning container content - we actually provide patches and updated container images when exploits hit. Scanning is easy, updates are hard. As we’ve said previously, Red Hat does not throw our hands up in the air when a vulnerability is found, leaving our customer to fend for themselves; we help do the heavy lifting of patching, respinning, certifying and validating container images. We have the technology AND the technical expertise to do this, and we’ve been doing it for a long time, both within and without the world of Linux containers.
I believe Linux containers represents the future of enterprise applications, and possibly computing as a whole; relying on closed, lab-grown or bolted-on features to help secure these vital resources may not be good enough. I believe organic container security is the way forward, and Red Hat is helping to lead the way.
À propos de l'auteur
Contenu similaire
Parcourir par canal
Automatisation
Les dernières actualités en matière de plateforme d'automatisation qui couvre la technologie, les équipes et les environnements
Intelligence artificielle
Actualité sur les plateformes qui permettent aux clients d'exécuter des charges de travail d'IA sur tout type d'environnement
Services cloud
En savoir plus sur notre gamme de services cloud gérés
Sécurité
Les dernières actualités sur la façon dont nous réduisons les risques dans tous les environnements et technologies
Edge computing
Actualité sur les plateformes qui simplifient les opérations en périphérie
Infrastructure
Les dernières nouveautés sur la plateforme Linux d'entreprise leader au monde
Applications
À l’intérieur de nos solutions aux défis d’application les plus difficiles
Programmes originaux
Histoires passionnantes de créateurs et de leaders de technologies d'entreprise
Produits
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Services cloud
- Voir tous les produits
Outils
- Formation et certification
- Mon compte
- Ressources développeurs
- Assistance client
- Calculateur de valeur Red Hat
- Red Hat Ecosystem Catalog
- Rechercher un partenaire
Essayer, acheter et vendre
Communication
- Contacter le service commercial
- Contactez notre service clientèle
- Contacter le service de formation
- Réseaux sociaux
À propos de Red Hat
Premier éditeur mondial de solutions Open Source pour les entreprises, nous fournissons des technologies Linux, cloud, de conteneurs et Kubernetes. Nous proposons des solutions stables qui aident les entreprises à jongler avec les divers environnements et plateformes, du cœur du datacenter à la périphérie du réseau.
Sélectionner une langue
Red Hat legal and privacy links
- À propos de Red Hat
- Carrières
- Événements
- Bureaux
- Contacter Red Hat
- Lire le blog Red Hat
- Diversité, équité et inclusion
- Cool Stuff Store
- Red Hat Summit