Security has long been a hot discussion topic when modern Linux containers are compared to other isolation technologies such as virtual machines. Recently, on DockerCon's keynote stage, ADP, an extremely large enterprise that manages highly sensitive personal information for millions of clients, made the bold claim that they came to containers because of, not in spite of, security requirements. In this talk, Phil will walk through the core security capabilities available today in Docker and other container runtimes, and how those capabilities have improved, both for pure container isolation and across the whole lifecycle of a container workflow. Phil will demonstrate recent additions to the Docker engine in 2016, such as user namespaces and seccomp, and how they continue to enable better container security and isolation.
Phil is a Senior Technical Staff Member in the office of the CTO of IBM Cloud Platform. Phil is a core contributor and maintainer on the Docker engine project, where he has contributed key features like user namespace support and multi-platform image capabilities. Phil is also a founding maintainer of the CNCF containerd project, and participates in the Open Container Initiative (OCI) as a contributor to the development of runc.