We assisted a data security ISV in extending their encryption and access control capabilities to secure data within Docker containers. This project enabled the client to offer comprehensive security for containerized applications, ensuring data protection and access control without restricting access to other applications.
Our client is a Silicon Valley company specializing in security products. They offer solutions to protect data in different formats across various environments. Their products are compatible with major Unix and Windows variants and operate within the kernel or user space based on the security assurances required by their clientele.
The client’s existing product supported encryption and access control for data stored on local and remote filesystems. However, this functionality did not extend to securing data accessed within Docker containers. The client needed to:
Enable encryption and decryption of both existing and new data within a container.
Implement access control to restrict certain file operations within a container.
Ensure these functionalities did not restrict access to other applications accessing the data within the container.
The team added functionality to detect the start of a container in the client’s Linux driver. By monitoring the execution of Docker container processes, the driver could obtain unique container configuration and process details.
Using the obtained process details, the team integrated encryption and decryption support along with access control for a given container using its ID or name through the client’s Linux driver. This allowed for seamless data protection and access restriction within containers.
The team provided functionality to detect any container using a specific Docker image. This enabled the security measures to be applied to all containers derived from that image, ensuring consistent protection for any new containers using that particular image.
The team integrated syscall intercepts in the Linux driver to fetch process details and detect container starts. This allowed for real-time monitoring and control over containerized environments.
By filtering information from the Docker configuration, the team implemented template-based data protection. This approach ensured that the encryption and access control measures could be applied flexibly based on the container’s configuration.
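As an added illustration (not the client's driver code and not part of the original case study), the following user-space Python shows the two matching steps described above in a defender's policy engine: identifying which container a process belongs to from its cgroup path, and choosing a protection template by container ID or name, with a fallback keyed by Docker image so every container from that image is covered. The cgroup path layouts, the `docker inspect` fields used and the template format are assumptions, and the sample data is constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Container IDs appear as a 64-hex-digit string in a process's cgroup path. Two layouts are
# assumed here: cgroup v1 "/docker/<id>" and the systemd-style "docker-<id>.scope".
CONTAINER_ID_RE = re.compile(r"/docker/([0-9a-f]{64})|docker-([0-9a-f]{64})\.scope")

@dataclass(frozen=True)
class Policy:
    encrypt: bool                 # encrypt data written by the container
    denied_ops: frozenset         # file operations blocked inside the container

def container_id_from_cgroup(cgroup_text: str) -> Optional[str]:
    """Return the container ID found in /proc/<pid>/cgroup contents, or None for a
    process that is not inside a Docker container."""
    for line in cgroup_text.splitlines():
        m = CONTAINER_ID_RE.search(line)
        if m:
            return m.group(1) or m.group(2)
    return None

def select_policy(container: dict, templates: dict) -> Optional[Policy]:
    """Choose the protection template for one container (dict shaped like `docker inspect`
    output, an assumption). An explicit entry for the container's ID or name wins; otherwise
    fall back to a template keyed by image, so every container started from it is covered."""
    for key in (container["Id"], container["Name"].lstrip("/")):
        if key in templates["containers"]:
            return templates["containers"][key]
    image = container["Config"]["Image"]
    return templates["images"].get(image) or templates["images"].get(image.split(":")[0])

def policy_for_process(cgroup_text: str, containers: dict, templates: dict) -> Optional[Policy]:
    """Map a process (via its cgroup) to its container and then to the policy to enforce."""
    cid = container_id_from_cgroup(cgroup_text)
    if cid is None or cid not in containers:
        return None            # host process or unknown container: no policy, no interference
    return select_policy(containers[cid], templates)

# Constructed sample data (not taken from a real host).
CID = "a" * 64
CONTAINERS = {CID: {"Id": CID, "Name": "/payroll-db", "Config": {"Image": "acme/payroll:2.1"}}}
TEMPLATES = {
    "containers": {},
    "images": {"acme/payroll": Policy(encrypt=True, denied_ops=frozenset({"unlink", "rename"}))},
}
CGROUP_V2 = "0::/system.slice/docker-" + CID + ".scope\n"
CGROUP_HOST = "0::/user.slice/user-1000.slice/session-2.scope\n"
```

Processes outside any known container return no policy, which is the property the case study stresses: other applications keep their normal access.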
Successfully enabled encryption and access control within Docker containers, providing robust data protection and restricted file operations.
Ensured that the security measures did not interfere with other applications accessing the data within the container, maintaining operational efficiency.
Enabled security measures to be automatically applied to any new containers using a specified Docker image, ensuring consistent data protection across all deployments.
The Coriolis team delivered a solution that extended the client’s encryption and access control capabilities to Docker containers. This project enabled the client’s customers to secure their containerized applications with robust encryption and access control, applied seamlessly without disrupting other applications. The ability to secure all containers derived from specific Docker images provided an additional layer of consistency and protection, facilitating easier and more secure deployments.