Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Copyright © 2020 Mirantis, Inc. All rights reserved
Securing Your
Containers Isn't
Enough
How to Encrypt
Containerized Dat...
2
Tim Reilly
CEO
Featured Presenters - Zettaset
Tim brings more than 25 years of successful public and
private experience ...
3
Bryan Langston
Cloud Solutions
Architect
Featured Presenter - Mirantis
Bryan Langston has been with Mirantis for five yea...
4
A Little Housekeeping
● Please submit questions in the
Questions panel.
● We’ll provide a link where you
can download th...
5
● What we're trying to achieve
● Where containers are today
● DevOps, DevSecOps and common security issues
● Encrypting ...
6
XCrypt Container Encryption for Docker Enterprise - Fixed Topology
Anthem (Key3
)
United Health (Key1
)
Docker Enterpris...
Copyright © 2020 Mirantis, Inc. All rights reserved
Container Adoption
Today
8
Containers in Production
Use of Containers since 2016 Use of Containers in Production
• 69% of respondents intend to sto...
9
● Improving customer experience
● Supporting new business models
● Increasing operational efficiency
● Examples:
○ 40x mo...
10
DevOps
The Good
Well-defined
pipeline
automation helps
coordinate activities
across Dev, Test and
Prod environments
The ...
11
● Keeping default values
● Implementing concept of “least privilege”
● Establishing solid RBAC support
● Trusted conten...
12
What is it? The augmentation of DevOps to
allow for the integration of security practices
DevSecOps
Advantages
● Greate...
Copyright © 2020 Mirantis, Inc. All rights reserved
Encrypting
Containerized Data
Protect the Data
What are your top 3 storage challenges with containers?
2019 Container Adoption Survey, Portworx and Aqua...
So, how do you protect your data?
Top three data
breach protection
methods universally
recommended by
security experts and...
DevSecOps for Containers
The castle has many forms of defense
Moat, geography, routes in, thick walls, watch towers, guard...
▪Transparent integration via volume driver
▪ All required services run in containers: key manager, certificate
authority, ...
Protecting Data at Rest in Containerized Environments
Secure Container
Storage
Key Points
Encryption must follow storage. ...
Anthem (Key3
)
United Health (Key1
)
Docker Enterprise Host 1
Cigna (Key2
)
XCrypt Container Encryption for Docker Enterpr...
1. On creation, the container
requests a particular-sized
encrypted storage volume
2. Zettaset’s volume driver requests
a ...
▪ Cybersecurity and DevOps are forever linked
▪ Security is not the enemy
▪ No one technology will address all security ch...
Copyright © 2020 Mirantis, Inc. All rights reserved
Thank You
Q&A
Download the slides from: bit.ly/mirantis-zettaset
We’ll...
Upcoming SlideShare
Loading in …5
×

Securing Your Containers is Not Enough: How to Encrypt Container Data

Slides from webinar by Mirantis and Zettaset about how to encrypt containerized data. Watch the recording at: https://bit.ly/container-data-encryption

Related Books

Free with a 30 day trial from Scribd

See all
  • Be the first to comment

  • Be the first to like this

Securing Your Containers is Not Enough: How to Encrypt Container Data

  1. 1. Copyright © 2020 Mirantis, Inc. All rights reserved Securing Your Containers Isn't Enough How to Encrypt Containerized Data WEBINAR | April 8, 2020
  2. 2. 2 Tim Reilly CEO Featured Presenters - Zettaset Tim brings more than 25 years of successful public and private experience in the high-tech industry filling key operational roles within product line business units and venture capital funded companies through all stages of growth. During his time at Zettaset, the company has successfully grown its software-defined encryption portfolio to provide a comprehensive data protection solution across all physical, virtual and cloud environments. Prior to joining Zettaset, Tim took on a variety of roles at companies including Trapeze Networks, Nicira, netVmg, and WorldxChange. He has a BS in Accounting from the University of Southern California and currently resides in the San Francisco Bay Area. Maksim Yankovskiy VP Engineering Maksim has over 20 years of experience delivering and managing enterprise encryption and database software across all the major high tech industries. During his tenure at Zettaset, he has been responsible for the engineering team that delivered the entire XCrypt product portfolio. He has also filed patents related to distributed and high-performance encryption. Prior to Zettaset, Maksim worked at Ingrian Networks and held various roles related to distributed database systems at Siemens Medical Solutions, Ross Stores and Adobe Systems.
  3. 3. 3 Bryan Langston Cloud Solutions Architect Featured Presenter - Mirantis Bryan Langston has been with Mirantis for five years and is currently a Pre-Sales Senior Cloud Architect. Other roles he's had in Mirantis include Director of Architecture for Openstack and Kubernetes professional services, and a product manager for Mirantis' Operations and Business Support Systems (OSS/BSS) products. Prior to joining Mirantis, Bryan worked at IBM Research for 17 years where he built a Linux-based supercomputer for web-scale crawling, indexing and mining, and led multiple first-of-a-kind projects in the cloud computing space.
  4. 4. 4 A Little Housekeeping ● Please submit questions in the Questions panel. ● We’ll provide a link where you can download the slides at the end of the webinar.
  5. 5. 5 ● What we're trying to achieve ● Where containers are today ● DevOps, DevSecOps and common security issues ● Encrypting containerized data ● What all of this means for customers ● Q&A Agenda
  6. 6. 6 XCrypt Container Encryption for Docker Enterprise - Fixed Topology Anthem (Key3 ) United Health (Key1 ) Docker Enterprise Host 1 Cigna (Key2 ) Highly Available Storage VolumeLegend Container Host Docker Enterprise Host 2 Container1 United Health Billing Container2 Cigna Analytics Container3 Anthem Electronic Health Records Anthem (Key4 ) Cigna (Key5 ) Container4 Anthem Patient Registration Container5 Cigna Call Center
  7. 7. Copyright © 2020 Mirantis, Inc. All rights reserved Container Adoption Today
  8. 8. 8 Containers in Production Use of Containers since 2016 Use of Containers in Production • 69% of respondents intend to store sensitive data in containers • 76% of container usage from Tech, FinServ & Healthcare • 89% of container runtime is Docker • 94% experienced a security incident in last 12 months • Security is top barrier to further container adoption
  9. 9. 9 ● Improving customer experience ● Supporting new business models ● Increasing operational efficiency ● Examples: ○ 40x more deployments per day helps leading bank innovate faster ○ 700 apps running 15k containers at an online payment processor helps build a consistent operating model across multiple clouds ○ 10x scalability increase and 65k+ transactions/sec for global payment technology company delivers efficiency Current State of Container Utilization
  10. 10. 10 DevOps The Good Well-defined pipeline automation helps coordinate activities across Dev, Test and Prod environments The Bad Introduces “unknown unknowns” to an organization The Ugly Cultural barriers inhibit the realization of full value of container adoption
  11. 11. 11 ● Keeping default values ● Implementing concept of “least privilege” ● Establishing solid RBAC support ● Trusted content ● Related to establishing operational boundaries, defining and enforcing network policies that control N/S, E/W traffic flows Common Security Issues
  12. 12. 12 What is it? The augmentation of DevOps to allow for the integration of security practices DevSecOps Advantages ● Greater speed and agility for security teams ● Ability to respond to change & needs rapidly ● Better collaboration and communication among teams ● More opportunities for automated builds and quality assurance testing ● Early identification of vulnerabilities in code ● Team member assets are freed to work on high-value work Examples of Activities ● Integrate security scanners for containers ● Centralize user identity and access control capabilities ● Isolate containers running microservices from each other and the network ● Encrypt data between apps and services
  13. 13. Copyright © 2020 Mirantis, Inc. All rights reserved Encrypting Containerized Data
  14. 14. Protect the Data What are your top 3 storage challenges with containers? 2019 Container Adoption Survey, Portworx and Aqua Security What are your top 3 security challenges with containers? Ensuring data security Concerns about data loss Planning for disaster recovery and business continuity Legacy storage technologies not a good fit for container workloads Storage doesn't effectively scale with number of containers Inadequate tools for managing container storage Block devices like Amazon EBS are slow to mount Provisioning storage takes too long Data security Vulnerability management Runtime protection (e.g. blocking of anomalies) Exposure of secretes (passwords, keys, certificates) Runtime monitoring and visibility Network segmentation Trusted image deployment Pipeline (CI/CD) security automation Hardening hosts and orchestration
  15. 15. So, how do you protect your data? Top three data breach protection methods universally recommended by security experts and organizations in many surveys and panels: Encrypt data throughout the process of collection, viewing and manipulation - preferably at the source. 1 2 3 Any sensitive data that must be stored or is "at rest" needs to be encrypted and the keys can't be stored at the same location as the data. All access and manipulation of data must be logged.
  16. 16. DevSecOps for Containers The castle has many forms of defense Moat, geography, routes in, thick walls, watch towers, guards Traditional tools are applied in new form ensure integrity of container • RBAC • Monitoring & Logging • Policy enforcement But what if they get inside the castle and find the treasure? Need to protect the most valuable asset….the DATA Encryption provides data protection and last line of defense
  17. 17. ▪Transparent integration via volume driver ▪ All required services run in containers: key manager, certificate authority, license server ▪Automated management of host storage ▪Dedicated volume group allocated for each container volume ▪Container volumes cryptographically tied to containers Container Encryption 17
  18. 18. Protecting Data at Rest in Containerized Environments Secure Container Storage Key Points Encryption must follow storage. Containers will share storage in multi-tenant environment, but they must not share encryption keys. Otherwise, one compromised container compromises the entire environment. 1 2 3 Storage must be independent of host and containers. Using legacy approach of hardware-defined storage provisioning will lead to data loss if host reboots or dies. Separation of duties. Developers and platform operators should not have visibility into or knowledge of encryption keys and processes. Encryption must be granular, yet transparent.
  19. 19. Anthem (Key3 ) United Health (Key1 ) Docker Enterprise Host 1 Cigna (Key2 ) XCrypt Container Encryption for Docker Enterprise - Fixed Topology Highly Available Storage VolumeLegend Container Host Docker Enterprise Host 2 Container1 United Health Billing Container2 Cigna Analytics Container3 Anthem Electronic Health Records Anthem (Key4 ) Cigna (Key5 ) Container4 Anthem Patient Registration Container5 Cigna Call Center
  20. 20. 1. On creation, the container requests a particular-sized encrypted storage volume 2. Zettaset’s volume driver requests a volume from the host 3. Zettaset’s volume manager constructs a volume from various partitions on the device and creates a volume group 4. Volume manager communicates with the key manager to create a key and encrypt the volume 5. On container destruction, the encryption key is destroyed, and volumes are made available again Container Encryption – Where to implement
  21. 21. ▪ Cybersecurity and DevOps are forever linked ▪ Security is not the enemy ▪ No one technology will address all security challenges ▪ Encryption is an essential tool and the last line of defense Protect your Containers and Step towards DevSecOps Takeaways
  22. 22. Copyright © 2020 Mirantis, Inc. All rights reserved Thank You Q&A Download the slides from: bit.ly/mirantis-zettaset We’ll send you the slides and recording later this week.

×