Docker containers offer several advantages for developers. Most notably they
fit perfectly in software development processes, they enable fast, reproducible
deployments and when properly done, with little change the same container can
run either in a test or production environment.
Despite threatening information out there Docker offers per se also several
security advantages. However it is important to make use of them and as a
minimum avoid the several security ops pitfalls. In a worst case scenario this
can lead otherwise to less security or the security benefits which the containment
technology offers are not being used at all.
To avoid most common mistakes and to improve security beyond the default,
the speaker will present Docker Top 10 security bullet points which covers
- important Do's and Dont's,
- for advanced needs how to tighten security further,
- how to check (partly) your Docker and Kubernetes security status yourself.
The talk is based on practical experiences at several costumers and on the
speaker's solid network and systems security expertise.
