DockerCon EU 2017 Recap: Security, Kubernetes, and MTA
Hej from Copenhagen!
I’ve had the privilege of spending the last few days here at an incredible DockerCon EU. With thousands of attendees from hundreds of companies converging on the City of Spires, it’s clear that the Docker community is thriving across the world. Here are some of the highlights we saw this week.
Docker Continues to Grow by Leaps & Bounds
At his morning keynote, Steve Singh, CEO of Docker, highlighted the state of the Docker ecosystem, with 21 million hosts running Docker and more than 24 billion (!) image pulls to date. Compare this to 14 million Docker hosts and 12 billion pulls, announced just six months ago at DockerCon in Austin.
Additionally, enterprises such as Société Générale, Intesa Sanpaolo, MetLife, PayPal, Splunk, and GlaxoSmithKline were just some of the companies added to the growing roster of large organizations using Docker.
As enterprises increase their usage of containers and move containerized workloads into production, the focus on security as a key requirement intensifies.
Container Security Panel Discussion: Modern App Security Requires Containers
I was invited to talk about StackRox and the current state of container security with Nathan McCauley, director of security at Docker; Simon Leech, chief technologist at HPE; and other Docker security ecosystem partners, on a panel moderated by journalist Sean Michael Kerner.
Some of the topics that we covered included:
How should customers get started with securing their containers?
What aspects of container security tend to be overlooked?
What container attacks have we seen?
Nathan started by talking about how container platforms like Docker are providing built-in security capabilities, including vulnerability scanning and image signing, to help customers protect their container images. This is complemented by the threat detection and runtime enforcement that StackRox provides. Together, Docker and StackRox provide comprehensive, best-in-class security for our joint customers across the entire container lifecycle.
We also spoke about the importance of runtime security, and that threat vectors extend beyond containers to the orchestrator platform itself. CI/CD security by itself is not sufficient, and organizations need to be prepared and equipped to detect intrusions and active compromise in their container environments. Orchestrators also represent separate and distinct attack surfaces that can be compromised via unauthorized privileged access.
Simon spoke about how large enterprise organizations can bring relevant stakeholders together to initiate collaboration and achieve operational excellence when looking to secure container environments.
When it came to container exploits in the wild, I spoke about how StackRox has seen attack patterns that span code injection on web services, lateral movement, and data exfiltration. As a security community, we need to further invest in threat research and investigation to better understand the emerging threat landscape for container environments.
A StackRox Shoutout Onstage
Diogo Monica, security lead at Docker, gave a fantastic talk on how to apply lessons from Formula One car safety to modern data and infrastructure protection. As part of his talk, he also gave a special shoutout to how StackRox helps security teams understand the impact and severity of events throughout their environment, while showing the audience some screenshots of the StackRox Portal.
Docker Unites with Kubernetes
The biggest news for the container ecosystem overall was that Docker is integrating support for Kubernetes into its core platform and Docker Enterprise Edition. This will have a significant impact in several ways.
First, customers now have greater choice and flexibility over the orchestrator they use with the Docker platform. They may choose to run certain workloads on Kubernetes, and others on Swarm, all with a consistent management interface. Second, this combines the usability of Docker interfaces with the scalability and robustness of Kubernetes. And third, Docker’s security capabilities along the software supply chain will work with either orchestrator, enabling you to get best-in-class CI/CD security for multiple orchestration platforms.
The Docker MTA Program Picks Up Steam
Back in April, Docker announced a new program called the Modernize Traditional Apps (MTA) program to help enterprises containerize their existing workloads to make them more efficient and portable. In the six months since then, it’s clear that Docker has put significant time and effort into helping customers succeed with this program. Various Docker leaders presented an overall framework and methodologies for containerizing legacy workloads in less than five days.
Finnish Railways talked about how MTA is enabling more than 40% cost savings across their application portfolio. And Docker then announced a new partnership with IBM to further advance the MTA program and drive synergies with IBM Cloud.
Thanks to the Docker team for another great show. The ecosystem expo, keynotes, and breakouts all reflect a vibrant community that continues to push the boundaries of software.
Looking forward to seeing you at DockerCon 2018 in San Francisco!