Security

Banjot Chanana

On Monday, February 11, Docker released an update to fix a privilege escalation vulnerability (CVE-2019-5736) in runC, the Open Container Initiative (OCI) runtime specification used in Docker Engine and containerd. This vulnerability makes it possible for a malicious actor that has created a specially-crafted container image to gain administrative privileges on the host. Docker engineering worked with runC maintainers on the OCI to issue a patch for this vulnerability. Docker recommends immediately applying the update to avoid any potential security threats. For Docker Engine-Community, this means updating to 18.09.2 or 18.06.3. For Docker Engine-Enterprise, this means updating to 18.09.2, 18.03.1-ee-6,…

Jenny Fong

With 20,000 partners and attendees converging at VMworld in Las Vegas this week, we often get asked if containers are replacing virtual machines (VMs). Many of our Docker Enterprise customers do run their containers on virtualized infrastructure while others run it on bare metal. Docker provides IT and operators choice on where to run their applications – in a virtual machine, on bare metal, or in the cloud. In this blog we’ll provide a few thoughts on the relationship between VMs and containers.

Point #1: Containers Are More Agile than VMs

At this stage of container maturity, there is very little…

David Friedlander

Changing the culture and service offerings of a big consulting firm isn’t easy, but BCG has been on that path for the past five years. BCG has evolved from traditional consulting services into a digital transformation powerhouse with six divisions that deliver strategic and technical services to clients. One of those divisions, BCG Gamma, is a global team of world-class data scientists who build data analytics, machine learning, and artificial intelligence solutions for the firm’s clients. But building and shipping analytics, ML and AI applications to clients is challenging. Andrea Gallego, CTO of the division, is charged with creating an…

Christine Lovett

Docker container platforms are being used to support mission-critical efforts all over the world. The Planetary Defense Coordination Office out of NASA is using Docker’s platform to support a critical mission that could potentially affect everyone on the planet! The office is responsible for tracking near-earth asteroids, characterizing them and determining how to deflect them if one were to find its way to earth.

DART, led by the Johns Hopkins Applied Physics Laboratory by way of NASA, is the Double Asteroid Redirection Test. The team has chosen a potentially hazardous asteroid to hit in order to measure the impact and…

Sergio Pineda

Jabil, one of the world’s most technologically advanced manufacturing solutions providers, with over 100 sites in 29 countries, is embarking on a digital journey to modernize their technology infrastructure so the company is better able to deliver the right solutions at the right time to their global customer base.

Starting the Digital Journey By Modernizing .NET Apps

As Jabil embarked on their digital journey with a cloud-first approach in mind, they investigated how to best migrate their applications to the cloud. Jabil partnered with Docker, Microsoft and Avanade as the SI Partner to leverage Docker Enterprise Edition with Windows Server 2016 and…

Ryan Kennedy

Today at DockerCon, we demonstrated new application management capabilities for Docker Enterprise Edition that will allow organizations to federate applications across Docker Enterprise Edition environments deployed on-premises and in the cloud as well as across cloud-hosted Kubernetes. This includes Azure Kubernetes Service (AKS), AWS Elastic Container Service for Kubernetes (EKS), and Google Kubernetes Engine (GKE).

A Single Control Plane for Multi-Cloud Deployments

Most enterprise organizations have a hybrid or multi-cloud strategy and the rise of containers has helped to make applications more portable. However, when organizations start to adopt containers as their default application format, they start to run into…

Andrew Weiss

Source: NIST.gov and C2 Labs

Highly-regulated industries like financial services, insurance and government have their own set of complex and challenging regulatory IT requirements that must be constantly maintained. For this reason, the introduction of new technology can sometimes be difficult. Docker Enterprise Edition provides these types of organizations with both a secure platform on which containers are the foundation for building compliant applications and a workflow for operational governance at scale. The problem remains that even with the technology innovation of containers, cloud and other new tools, the area of IT compliance has remained relatively unchanged with security standards…

Jenny Fong

Two weeks ago we shared how the upcoming release of Docker Enterprise Edition (Docker EE) is able to secure the software supply chain for Kubernetes, just as it does for Docker Swarm, through a combination of scanning for vulnerabilities and implementing image promotion policies. In this blog, we’ll take a closer look at another part of this solution – Docker Content Trust and image signing. When combined with granular Role Based Access Controls [RBAC] and the secure clustering features of Docker EE, organizations get a secure container platform solution that is ready for the enterprise.

Restricting Unverified Kubernetes Content

As discussed in Part 1 of…
