There still exists a kind of chasm in the broader software community between the people who are building new application containers today, and the people sandwiched in the middle of the phrase “DevSecOps” whose job is to keep the risk managers at bay. At issue is the very definition of security in a distributed, microservices-driven environment. Infosec professionals demand that containers, wherever they are, be secured. Developers say, that’s not the point: Containers are not virtual machines, and are designed to be ephemeral.
To get a clearer picture of how the newest entrants in the container space are addressing the problem of keeping up both security and the appearance of security, we spoke with John Morello, CEO of security platform maker Twistlock, Liz Rice, an engineer at security integration firm Aqua Security, and Amir Sharif, founder of cloud-native security provider Aporeto. We met these folks at the most recent DockerCon event, for this edition of The New Stack Makers.
Watch on YouTube; https://youtu.be/BbqSYKmQocg