Docker Introduces Multiple New Security Efforts including Project Nautilus
FREMONT, CA: As Docker container adoption witnesses’ massive growth, the need for accelerating the container security becomes more essential. To that end, Docker introduces several new security – focused efforts to overcome the steady growth of containers and in a bid to make it safer, reports Sean Michael Kerner for eWEEK.
Docker launches Project Nautilus, an image scanning effort for Docker application images. Project Nautilus provides automated security analysis for images that are hosted on the Docker Hub image repository.
Part of the Docker Content Trust leverages open-source Notary project and rest relies on encryption keys. Docker has further announced the support for hardware encryption with Yubico USB Keys that are compliant with the FIDO Alliance Universal Second Factor (U2F) specification. This Yubico key uses a hardware-encrypted token which never reveals the private root encryption key that is used to sign an application image.
Nautilus does deep content analysis helps developers secure their new or existing software update systems, which are already known and found in existing Linux distribution vulnerability databases. The new security effort of docker also aims to improve security visibility and control by supporting user namespaces, and also provides control for individual applications and processes that run on Docker.
"You can give developers the most secure tools in the world, but if the tools get in the way, they won't use it and the result is unusable security, which is really not security at all. By providing usable security tools, we can move the needle on improving security for everyone.” says Hykes
By Nancy S. Wolk, CIO, Alcoa - Global Business Services
By John Kamin, EVP and CIO, Old National Bancorp
By Gregg T. Martin, VP & CIO, Arnot Health
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
By Bryson Koehler, EVP & CIO, The Weather Company, an IBM...
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Lowell Gilvin, Chief Process Officer, Jabil
By Dennis Hodges, CIO, Inteva Products
By Gerri Martin-Flickinger, CIO, Adobe Systems
By Walter Carvalho, VP& Corporate CIO, Carnival Corporation
By Mary Alice Annecharico, SVP & CIO, Henry Ford Health System
By Bernd Schlotter, President of Services, Unify
By Bob Fecteau, CIO, SAIC
By Kushagra Vaid, GM, Server Engineering, Microsoft
By Steve Beason, Enterprise CTO, Scientific Games
By Steve Bein, VP-GIS, Michael Baker International
By Jason Alan Snyder, CTO, Momentum Worldwide
By Jim Whitehurst, CEO, Red Hat
By Alberto Ruocco, CIO, American Electric Power