订阅内容

Image via aroberts

If you pay any attention at all to the world of food or food production (I mean, we all eat, right?), you’ll notice a distinct trend emerging - many producers are also starting to label their foodstuffs as “organic” or “all-natural.” More than just food, however, organic can also apply to Linux containers - specifically, Linux container security.

It’s not as crazy as it sounds. Think of “organic” container security as built-in - the security is inherent to the code (genetics) of a specific solution, built from the ground up along with the rest of a solution’s features. So what’s “non-organic” container security look like it? It’s more of a “bolt-on,” where code is added after the container solution is built to make it more secure.

While the bolt-on container security approach may work, these security features often add more complexity or, worse, closed/proprietary code to a solution. Going back to the culinary world, this is similar to heavily-processed/artificial food - you don’t know exactly where the modifications to the genetic code took place and you aren’t sure exactly what was modified, but you’re told that it’s okay for you to eat.

That may be fine for food (we have the regulatory bodies for a reason), but it may not be okay for software that’s intended to run on mission-critical systems.

Security as a Fundamental Tenet, Not a Feature (and Certainly Not an Option)
Red Hat’s entire approach to software security, not just container security, can be considered organic. For us, security isn’t a “feature;” it’s a fundamental, core part of our products that is a focus from day one. We start at the upstream level by engaging and collaborating with the upstream communities that create open source code, ultimately helping to drive the creation of more secure software from inception.

We then keep this focus on security as this upstream software moves through the hardening and productization of the open source code - there’s no “open core” or “add-on” bits. For our container technologies, including Red Hat Enterprise Linux Atomic Host and OpenShift, our container application platform, we leverage OpenSCAP (a more secure software scanning protocol) and, of course, SELinux, a Linux kernel security module that provides support for mandatory access control policies, among other open source security components.

These aren’t features nor are they add-ons - they’re fundamental components of our solutions. In this way, we provide security organically - we don’t sell something extra, nor do we try to slap on closed code. We understand that security isn’t a feature, it’s a process that has to start on day one.

Security’s No Compromise...and Neither is the Operating System
Shocking though it may be, the security debate around containers, from organic to artificial, boils down to one simple concept: the operating system. Red Hat has long said that the operating system matters, no matter how abstracted the various layers of the computing stack become, and security is one of the primary reasons.

A more secure foundation for container implementations is critical, and something that Red Hat has been providing for more than a decade with Red Hat Enterprise Linux. Hardened code, integrated software security functionality and quicker responses to vulnerabilities are just a few of the components that have made Red Hat Enterprise Linux the world’s leading Linux platform in the data center, and we bring these same technical achievements and expertise to Linux containers.

There’s no one silver bullet for running Linux containers - when it comes to the magic word, some players push “small footprints” while others shout about management or speed. It’s not just one of these things that matters the most - they all do, and security is high on the list. Red Hat is a leader for not only containers, but also delivering an ecosystem for Linux container deployments, from the operating system to orchestration to management...all delivered with more secure computing technologies and the support for which we are known.

Scanning Isn’t Enough
Beyond our technology, we don’t just provide tools for scanning container content - we actually provide patches and updated container images when exploits hit. Scanning is easy, updates are hard. As we’ve said previously, Red Hat does not throw our hands up in the air when a vulnerability is found, leaving our customer to fend for themselves; we help do the heavy lifting of patching, respinning, certifying and validating container images. We have the technology AND the technical expertise to do this, and we’ve been doing it for a long time, both within and without the world of Linux containers.

I believe Linux containers represents the future of enterprise applications, and possibly computing as a whole; relying on closed, lab-grown or bolted-on features to help secure these vital resources may not be good enough. I believe organic container security is the way forward, and Red Hat is helping to lead the way.


关于作者

按频道浏览

automation icon

自动化

有关技术、团队和环境 IT 自动化的最新信息

AI icon

人工智能

平台更新使客户可以在任何地方运行人工智能工作负载

open hybrid cloud icon

开放混合云

了解我们如何利用混合云构建更灵活的未来

security icon

安全防护

有关我们如何跨环境和技术减少风险的最新信息

edge icon

边缘计算

简化边缘运维的平台更新

Infrastructure icon

基础架构

全球领先企业 Linux 平台的最新动态

application development icon

应用领域

我们针对最严峻的应用挑战的解决方案

Original series icon

原创节目

关于企业技术领域的创客和领导者们有趣的故事