Application containerization is one of the coolest technologies in IT. It solves numerous problems, allows for incredible application density, and can really increase flexibility and responsiveness. But not everyone understands what makes up container security - it's a LOT more than what application is in the container.
In this session, Red Hat’s global solution architect leader, Thomas Cameron, will talk about the basic components of container security. He'll talk about kernel namespaces, Security Enhanced Linux, Linux control groups, the Docker daemon, etc., and how they all work. He'll provide demonstrations of how each of these technologies affects security.
He'll also talk about tips and tricks for planning a secure container environment, describe some “gotchas” about containers, and debunk some of the security myths about containers.
Attendees will understand the fundamentals of container security when they leave.
Attendees are expected to learn what goes on "under the hood" to secure containers. Many folks understand the security implications of the container's payload - the application framework, the language used, etc. But I have been surprised at how often folks don't understand what kernel namespaces and SELinux do behind the scenes to isolate containers and keep the rest of the system safe. This session aims to teach them about those parts of the system outside of just the container which protect their enterprises.