There’s more to container isolation than the technology


As the Chief Security Architect at Red Hat, Mike Bursell spends his days talking about security both inside and outside the company. His job, he tells us on the sidelines of the Open Source Summit Europe 2019 in Lyon, France, is to encourage people to think about security. Talking about the security challenges in today’s containerised world, Mike says that there’s more to containers than just the technology and people miss that it’s a cultural change: “It's very easy to forget that security isn't just about runtime. It's about development time and test time and provisioning time and closing down containers.”

His advice to people is to follow the age-old rule and think about security right from the design stage: “If you're doing DevOps or doing agile methodology, you can't wait for two weeks before you deploy to put security in because you deploy every two weeks, for instance. So you need to make it a part of the cycle.”

The only solution then is to bake security right into the CI/CD process: 

“If, for instance, you have a rule that you're only going to accept container images from a trusted repository, you need to make sure that that's automated. You can't expect your engineers to know what those correct things should be. Similarly, you might say, I'm going to make sure that none of my containers last for more than 24 hours, I always restart them. But you want to make sure that when you restart the containers you're taking the latest image because there may be patches that have been provided. So you want to make sure that that's running through your automated test suite.” 
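The three checks named in the quote above (trusted registry only, no container older than 24 hours, restarts pick up the latest image) can run as an automated audit. This is an added example, not code from the article or from Red Hat; the registry name, inventory format, digests and timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
TRUSTED_REGISTRIES = {"registry.example.internal"}  # assumed allowlist
MAX_AGE = timedelta(hours=24)

def registry_of(image):
    """Registry host of an image reference. Simplified Docker rule: the first
    path component is a host only if it has '.' or ':' or is 'localhost'."""
    first, slash, _ = image.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def violations(container, latest_digests, now):
    """Return the list of policy violations for one running container."""
    found = []
    registry = registry_of(container["image"])
    if registry not in TRUSTED_REGISTRIES:
        found.append(f"untrusted registry: {registry}")
    if now - container["started"] > MAX_AGE:
        found.append("running longer than 24 hours")
    latest = latest_digests.get(container["image"])
    if latest is None:
        found.append("no published digest to compare against")
    elif container["digest"] != latest:
        found.append("not running the latest image")
    return found

def audit(inventory, latest_digests, now):
    """Map container name -> violations, omitting compliant containers."""
    checked = ((c["name"], violations(c, latest_digests, now)) for c in inventory)
    return {name: found for name, found in checked if found}

# Constructed sample data: names, digests and timestamps are made up.
NOW = datetime(2019, 11, 1, 12, 0, tzinfo=timezone.utc)
LATEST = {"registry.example.internal/shop/api:1.4": "sha256:bbb",
          "registry.example.internal/shop/web:2.0": "sha256:ccc"}
INVENTORY = [
    {"name": "web", "image": "registry.example.internal/shop/web:2.0",
     "digest": "sha256:ccc", "started": NOW - timedelta(hours=3)},
    # Restarted recently, but from a cached image that predates the patch.
    {"name": "api", "image": "registry.example.internal/shop/api:1.4",
     "digest": "sha256:aaa", "started": NOW - timedelta(hours=2)},
    # Trusted name appears only as a path component; a substring check passes it.
    {"name": "job", "image": "mirror.example.net/registry.example.internal/job:1",
     "digest": "sha256:ddd", "started": NOW - timedelta(hours=30)},
]
if __name__ == "__main__":
    for name, found in audit(INVENTORY, LATEST, NOW).items():
        print(name, "->", "; ".join(found))
```

Failing the pipeline when `audit` returns a non-empty report is what makes the rule automatic rather than something engineers have to remember.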

Thinking beyond roadmaps

Part of Mike’s job is to look further out beyond the roadmaps and he works with a number of product managers in Red Hat on “what's coming, what's exciting, what's interesting”, and to think about how they can get the things that make sense into their roadmaps. 

Looking to the long term, Mike stresses the importance of Enarx, a project he co-founded to enable apps to run within Trusted Execution Environments, completely independent of platforms and SDKs.

Besides Enarx, he’s also keeping an eye on quite a few security projects: 

“Certainly some of the quantum-resistant algorithms are becoming important. I think some of the multi-party computation projects are becoming important. I think there's some interesting questions around AI and security. When you're putting your training models together, how you manage possibly personal data without sharing with everybody, and there's a crossover between the multi-party computation and some of the trusted execution environments and things, lots of different things sort of in the same space at the moment and that's certainly keeping me interested.”

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
