Friday 11 December 2015

Docker Doubles Down on Security With Nautilus, Hardware Encryption

BARCELONA, Spain—As Docker container adoption grows, so too does the need for robust security. Today at the DockerCon EU conference here, Docker announced several new security-focused efforts, building on existing security that Docker has been pushing this year.

During the opening two-hour general keynote session, Docker founder Solomon Hykes emphasized that developers do care about security, but it's important that security is actually usable.

"You can give developers the most secure tools in the world, but if the tools get in the way, they won't use it and the result is unusable security, which is really not security at all," Hykes said. "By providing usable security tools, we can move the needle on improving security for everyone."
Docker's foray into security tools got its first big push in August, when Docker Content Trust debuted alongside the Docker 1.8.0 release. Docker Content Trust makes use of the open-source Notary project, which aims to enable secure updating by way of authenticated and signed application images.

Part of the Content Trust approach relies on encryption keys, which are now being hardened further. Hykes announced new experimental support for hardware encryption with Yubico USB keys. Going a step further, Hykes and Docker actually gave all attendees of the DockerCon EU keynote their own key.

In an interview with eWEEK, Nathan McCauley, director of security at Docker, explained that the Yubico technology is all about hardware encryption and not so much about two-factor authentication. Yubico builds USB keys that are compliant with the FIDO Alliance Universal Second Factor (U2F) specification. The Yubico key Docker uses is a hardware-encrypted token that never reveals the private root encryption key that is used to sign an application image.

The hardware encryption support is currently in the experimental branch of Docker, and it could land in the Docker 1.10 release later this year or early 2016, according to McCauley.

Read More: http://www.eweek.com/security/docker-doubles-down-on-security-with-nautilus-hardware-encryption.html
