Container Security: Securing Containers on the High Seas
Details
Please join us next month at Bloomberg BNA for a discussion on container security with two of our friends from OWASP NoVA, Abdullah Munawar and Jack Mannino!
Abstract:
It can be a difficult challenge for most organizations to migrate to containers and develop a secure strategy for implementation and management. Making the shift from legacy virtualization and monolithic deployments to containers requires a solid strategy for securely making the jump. Containers offer many security benefits but it’s important to adopt controls and good practices throughout the lifecycle, across all of the systems and interfaces with which they interact. From container registries, through development and deployment, it’s important to enforce security and eliminate risks as they’re easily introduced.
A robust enterprise container strategy requires focusing on infrastructure, architecture, tooling, policies, and processes. Hardening your containers and ensuring they remain free of known vulnerabilities is important, but this is not a comprehensive approach. Containers, their runtime behavior, and capabilities are influenced by other systems such as container orchestration platforms and schedulers. While organizations are focused on hardening individual containers and services, they also need to think about how to limit lateral movement and post-exploitation steps by attackers through sound architectural choices.
This presentation will focus on scaling container security within an enterprise and building security controls at different layers to provide comprehensive coverage. We will discuss the modern container landscape, including multiple container runtimes and standards such as Open Container Initiative (OCI) and Container Storage Interface (CSI), as well as their impact on security moving forward. We will explore the container lifecycle from your developer’s laptop through your production environment and examine the key security problems to mitigate. By the end of the presentation the audience should confidently be able to develop a secure approach to their organization’s container strategy.
Bios:
Abdullah Munawar:
Abdullah Munawar is the Director of Professional Services at nVisium who specializes in application security testing and helping clients build application security programs. He previously worked on the security teams for various federal and financial organizations, with over 10 years of experience. He has spoken at various conferences on mobile application security, big data security, and general application security. You can follow Abdullah on Twitter @amanofwar
Jack Mannino:
Jack Mannino is the CEO of nVisium. Passionate about security and impossible to keep away from a keyboard, his expertise spans over 15 years of building, breaking, and securing software. Jack founded nVisium in 2009, and since then has helped the world's largest software teams enhance security across their software portfolios. He has spoken at conferences globally on topics such as secure design, mobile application security, and cloud-native security. You can follow Jack on Twitter @jack_mannino
