Posts Tagged ‘container’
While every IT administrator intuitively accepts the idea that monitoring adds value, the cost of instrumenting and monitoring every application has proven to be prohibitive. As a result, only a small percentage of applications running in the enterprise are monitored.
As more containers get deployed across the enterprise, securing them has become a much higher priority. But while developers are getting better at securing applications, they still don't have much expertise when it comes to network security.
As IT organizations employ Docker containers to drive hybrid cloud computing deployments, there's an increased need for monitoring tools that can track how containers are being employed both in the cloud and on-premises. To enable IT organizations to achieve that goal, Anchore has made available an edition of its software-as-a-service (SaaS) monitoring tools that can invoke Anchore Engine, an open-source edition of its software that can be deployed in an on-premises IT environment.
The future of profitability in the container market lies in Kubernetes hosting. That, at least, seems to be the new stance from Microsoft, whose container market strategy has evolved significantly over the past year.
Now that containers are showing up with increased frequency in production environments, the challenges associated with securing those containers are becoming more apparent to developers and IT security teams alike. The latest 2.6 release of the Aqua Container Security Platform (CSP) from Aqua Security makes generally available runtime security software for containers running on both Windows and Linux.
As part of an effort to eliminate a Kubernetes management tax, Microsoft previewed a managed instance of Kubernetes clusters running on Azure that it will manage on behalf of customers for free. In addition, the company promised to extend Azure Container Registry to add support for geo-replication capabilities that make it simpler to manage multiple instances of a private container registry.
At the Open Source Summit Europe 2017 conference today, the Cloud Native Computing Foundation (CNCF) announced it is adding two projects to its portfolio to address the security of container images and the way software is distributed and updated. Notary, the 13th project taken on by the CNCF, provides a mechanism to create, manage and distribute the metadata needed to ensure the integrity and freshness of content.
Docker Inc. at the DockerCon Europe 2017 conference extended its alliance with IBM as part of an effort to entice more IT organizations to lift and shift existing legacy applications into the cloud using Docker containers. Meanwhile, IBM announced that its middleware software used to run legacy applications now will be available as containers on the Docker Store.
For those responsible for container security within their organizations, clashing is now much more than just a fashion faux pas: The recently discovered Linux Stack Clash vulnerability (CVE-2010-2240) is a serious threat that attackers can exploit to gain root privileges within a container. Worse, if the exploit is applied in the host's user space, it represents a critical danger in which an attacker could compromise running containers (or the Docker daemon itself).