Challenges and Opportunities: Application Containers and Micro Services

Presented at ShmooCon XIII (2017), Jan. 15, 2017, noon (60 minutes)

Virtualization has fundamentally altered the computing landscape over the past ten years, abstracting infrastructure from operating systems, enabling IT to reduce costs and to leverage new deployment models such as cloud. One of the fundamental challenges in migrating to the cloud is breaking application dependencies on the operating system. Application containers accomplish this by providing abstraction and isolation between applications and the operating system, enabling cloud portability and scale up/scale out architectures powering the DevOps revolution. Docker, in particular, has taken Industry by storm, resulting in over 400 million downloads and 75,000+ containerized applications leveraging this open source platform. But what about Security? IT professionals need to understand how application containers and microservices architectures impact their security posture. Come learn how application containers and micro services work via the definition published in the new NIST publication SP 800-180, understand the security challenges with this approach and opportunities unveiled via best practices and strategies to enable your organization's Secure Development Operations (SecDevOps) revolution. What you'll take away: Application Containers and Microservices 101: How they work and work together How to and who uses these solutions? Challenges posed by application containers and Microservices Best practices for securing application container and microservices

Presenters:

• Andrew Wild
  Andrew Wild is currently the chief information security officer (CISO) at QTS Data Centers, a leading provider of secure, compliant, data center solutions. Wild has spent over 25 years developing effective, customer-driven information security, incident response, compliance and secure networking programs for technology and telecommunications organizations.
• Anil Karmel
  Anil Karmel (@anilkarmel) is the co-founder and CEO of C2 Labs, a company that assess, designs and implements IT Strategic Plans to a deep specialization in Application Rationalization and Transformation (ART), leveraging Secure Development Operations (SecDevOps). Anil also serves as the co-chair of the National Institute of Standards and Technology (NIST) Cloud Security Working Group.

Links:

• https://infocon.org/cons/ShmooCon/ShmooCon 2017/Challenges and Opportunities Application Containers.mp4

Similar Presentations:

• DEF CON 30 (2022) / Creating and uncovering malicious containers. Workshop
• AppSec USA 2017 / How to stop worring about application Container security
• DEF CON 23 (2015) / Linux Containers: Future or Fantasy?