Image
"Containers scare the hell out of security pros because they are so opaque. The burden of securing containers falls across Development, Operations, and Security teams—but none of these groups always knows how to tackle their issues. Security and development teams may not even be fully aware of the security problems they face, as security is typically ignorant of the tools and technologies developers use, and developers don’t always know what risks to look for."To address those worries, organizations must take the security of their containers seriously. That means security teams can't just stop at the containers themselves. They must extend security measures to the build, deployment and runtime environments, as well. All of this is necessary given the ongoing evolution of DevOps systems. In the last few years alone, organizations have begun turning primarily to systems in order to deploy and manage apps at scale. This tendency, in turn, has made the security of the orchestration manager a primary security concern. At the same time, more and more enterprises are now adopting integration-platform-as-a-service (IPaaS) container packages from cloud vendors. These solutions are changing the way by which organizations approach container security. Tripwire covered some build pipeline security issues in its first container security whitepaper. But as organizations increasingly embrace DevOps, it decided to issue another report with a DevOps-centric focus. Hence its release of The Complete Guide to Container Security. This eBook covers some of the most common digital threats that target containers. It also provides recommendations for how organizations can secure their build, deployment and runtime environments as well as shares Tripwire's perspective for how enterprises can achieve this protection at each of those levels. For more information, download a copy of The Complete Guide to Container Security today.
