Posted in devops
Posts Tagged ‘security’
The open-source world is quickly taking large strides into containerization, specifically consolidating its efforts behind solutions such as Kubernetes. Containers increasingly are becoming attractive options for running applications, thanks in large part to their speed and versatility.
As more containers get deployed across the enterprise, securing them has become a much a higher priority. But while developers are getting better at securing applications, they still dont have much expertise when it comes to network security.
While the term cloud used to be the main topic of discussion in the technology industry, cloud-native is taking its placeand with it, cloud-native security. There are many elements to keep in mind as more organizations begin to build their IT and security in the cloud, but here are five key observations to consider as your organization seeks to understand the different elements.
There is a weird, virtually universal truth about the relationship between technology and security. There is often an inverse relationship in which the more powerful, useful or convenient a technology is for the end user, the larger the risk it poses from a security perspective.
Now that containers are showing up with increased frequency in production environments, the challenges associated with securing those containers are becoming more apparent to developers and IT security teams alike. The latest 2.6 release of the Aqua Container Security Platform (CSP) from Aqua Security makes generally available runtime security software for containers running on both Windows and Linux.
When it comes to building and maintaining a website, one has to take a ton of things into consideration. However, in an era when people want to see results fast, while at the same time knowing that their information online is secure, all webmasters should strive for a couple of things: Both of these goals are vital in order to run a successful website.
Posted in html
At the Open Source Summit Europe 2017 conference today, the Cloud Native Computing Foundation (CNCF) announced it is adding two projects to its portfolio to address the security of container images and the way software is distributed and updated. Notary, the 13th project taken on by the CNCG, provides a mechanism to create, manage and distribute the metadata needed to ensure the integrity and freshness of content.
As seen in a recent DigiCert report, an overwhelming majority of companies believe that an integrated security and devops team makes sense. In fact, 98 percent of survey 300 US respondents (a third from IT or security) are either planning to or have alreafy launched such an effort.
For those responsible for container security within their organizations, clashing is now much more than just a fashion faux pas: The recently discovered Linux Stack Clash vulnerability (CVE-2010-2240) is a serious threat that attackers can exploit to gain root privileges within a container. Worse, if the exploit is applied in the hosts user space, it represents a critical danger in which an attacker could compromise running containers (or the Docker daemon itself).