Docker for AWS and Azure: Secure By Default Container Platform

Docker for AWS and Docker for Azure are much more than a simple way to set up Docker in the cloud. They provision a secure-by-default infrastructure that gives you a secure platform to build, ship and run Docker apps in the cloud. Available for free in Community Edition and as a subscription with support and integrated management in Enterprise Edition, Docker for AWS and Docker for Azure let you use pre-configured security features for your apps today, without having to be a cloud infrastructure expert.
You don’t have to take our word for it: in February 2017, we engaged NCC Group, an independent security firm, to conduct a security assessment of Docker for AWS and Docker for Azure. Included in this assessment are Docker for AWS and Docker for Azure Community Edition and Enterprise Edition Basic. The assessment took place from February 6-17. NCC Group was tasked with assessing whether these Docker Editions not only provisioned secure infrastructure with sensible defaults, but also leveraged and integrated the best security features of each cloud. We’d like to openly share their findings with you today.
NCC Group validated our security model and defaults, including:

Cloud-specific access control with IAM roles in AWS and Service Principals in Azure to run enterprise workloads in a least-privileged manner
Network configuration settings, including newly provisioned load balancers that are dynamically updated as applications are created and updated
Underlying host network configuration review to provide minimal network exposure

We encourage you to review their full reports for Docker for AWS and Docker for Azure.
NCC Group does bring up some limitations of Docker for AWS and Azure, for example that access is managed with a single SSH key, which makes it impractical for bigger teams of developers and ops to share access. Docker offers additional products that address this:

Fleet Management from Docker Cloud to let you share access to a Docker Community Edition (CE) swarm mode cluster using Docker ID, including integration with Docker for Mac and Windows
Docker Enterprise Edition Standard and Advanced tiers (formerly known as Docker Datacenter) for AWS and Azure provide a full Container-as-a-Service environment with integrated user management and granular RBAC

Additionally, NCC Group has previously covered the Docker Engine’s security features in their whitepaper on hardening Linux Containers. This included validating runtime protections such as syscall filtering with seccomp and dropping Linux capabilities by default.
We’ve also worked with NCC Group to validate the cryptography and system security for Notary, our signing and verification framework that ensures Docker images are untampered and always up to date. Read the full report.
Docker is continuing to improve Docker for AWS and Azure (and GCP) to give users an easy-to-use way to configure secure container setups in the cloud. Click here to get started with Docker for AWS and Docker for Azure today.

The post Docker for AWS and Azure: Secure By Default Container Platform appeared first on Docker Blog.
Source: https://blog.docker.com/feed/