The book includes insights from the following experts:
- Katherine Riley, Director of Information Security & Compliance, Braintrace >>
- Paul Dackiewicz, Lead Security Consulting Engineer, Advanced Network Management (ANM) >>
- Darrell Shack, Cloud Engineer, Cox Automotive Inc >>
- Ross Young, Director, Capital One >>
Mauro Loda, Senior Security Architect, McKesson >>
James P. Courtney, Certified Chief Information Security Officer, Courtney Consultants, LLC >>
Milinda Rambel Stone, Vice President & CISO Provation Medical >>
Avoiding container vulnerabilities was generously sponsored by lacework.
Over the last few years we have seen a dramatic rise in the use of containers and container orchestration systems for the coordination and management of cloud services. Among other things, containers allow for rapid deployment, ephemeral workloads, and autoscaling of applications at scale. For organizations that work in an agile way and deploy services continuously, it’s an enormously popular piece of their infrastructure. Popular types of containers include: Kubernetes, Docker Swarm, OpenShift, and Mesosphere.
Containers are a new and important component of modern environments, but as they still have to live in a shared host and cloud account facing similar threat vectors, their security cannot be treated in isolation. Lacework provides a holistic approach to container security as it supports this natively, while at the same time provides security for hosts and AWS accounts which if compromised can cause even larger scale damage to any container environment.
Many organizations rely on containers to help them orchestrate among applications and data sources, and as this approach grows, security teams are discovering a corresponding increase in their overall threat surface. The people interviewed in this book offer insightful proof that while containers provide distinct advantages for workloads and applications, they also require focused, automated security to remain safe.