Defense in depth is an information assurance technique used to protect a system from any particular attack - use of blended countermeasures, working together to meet control and governance requirements. In a containerized world, defense in depth is applied by thinking about security within a container, on the container host and at the container platform layer.
This talk will cover numerous technologies and practices at each layer - from kernel quality, SELinux (svirt), SECCOMP, and use of root, to measuring attack surface, patch remediation, and platform level authentication/authorization, these are the droids you are looking for.
This talk will help an end user understand the breadth of tooling that is available at each level and how they will help protect their system from intrusions and compromises.
This talk is focused on an operations and security minded audience. The audience will gain a framework in which to understand and think about the architecture of a containerized environment. This will allow them to better architect their own security guidelines in the context of a containerized environment.
Attendees will also learn when to use a container and when to use a virtual machine for tenancy and isolation.