here be dragons; container security – josh bregman

This is part of my live blogging from QCon 2015. See my QCon table of contents for other posts.

Risks

Need to prevent

  • “good” containers calling you accidentally
  • “good” containers calling you without your permission
  • “bad” containers calling you

A production-only workflow is an anti-pattern. Network security isn’t enough.

DevOps is about velocity. Security and Risk Management can put on the brakes.

Pod surrounds separation of concerns. Each actor (security, dev, etc.) has its own space.

Can organize containers into layers

At an event, you can have a ticket in advance or use “will call,” where you show ID. The latter is like dynamic tokens.

Use host factory when provisioning

Impressions: the original speaker is sick and the substitute has been at the company five weeks. I wouldn’t have known if he hadn’t mentioned it. I think I don’t know enough about containers though because some of this went over my head.
