Containers have grown very popular for their flexibility in app development and hosting. To be deployed effectively, containers require a substrate to provision and manage resources, place workloads, and adapt to failures. Container orchestration tools like Docker Swarm, Kubernetes and Marathon simplify the management of container workloads on cloud-based or on-premises infrastructure. Unfortunately, many of these systems have not been architected with security in mind. With container orchestrators, compromise of a less-privileged node can allow an attacker to gain control of the whole system or of other private resources. In this presentation, Diogo Monica, Docker’s Security Lead, speaks about how the company has been working on secure blocks that allow you to run a “least privilege” infrastructure, where any participant has access only to the resources strictly necessary.
You can also watch this video at the source.