As containers become more popular as a way to develop and deploy software, it’s quickly becoming clear that ensuring the security of container deployments isn’t always easy. We’ve seen a number of initiatives from Docker, CoreOS and others to improve container security and today, CoreOS is taking many of those concepts a step further with the launch of what it calls “Distributed Trusted Computing” for its Kubernetes-based Tectonic container management service.
The idea is to give enterprises cryptographic guarantees about their environment at every layer, from the hardware up to the application. Concretely, the customer's cryptographic key is embedded in the hardware's firmware; the CoreOS operating system is verified at boot, so a tampered OS is detected before it runs; and a node will only run containers that have been signed with keys the customer trusts. Each layer's integrity is vouched for by the layer beneath it, which is what makes the guarantee end to end rather than a check at a single point.
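To make the chain concrete, here is an added example (not CoreOS or Tectonic code, and not from the original article) in Go that models the three layers just described: a root public key standing in for the customer key anchored in hardware, an OS image that must verify against that key at boot, and a container admission check that runs only images signed by trusted keys. The use of Ed25519, the `Node`, `Sign`, `Verify` and `Scenario` names, and the sample image bytes are all assumptions of this example; the article does not describe the real system's mechanisms at this level.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Signed is an artifact (OS image or container image) with its content digest
// and an Ed25519 signature over that digest. Ed25519 is an assumption of this
// example, not a statement about what Tectonic uses.
type Signed struct {
	Name   string
	Digest [32]byte
	Sig    []byte
}

// Sign hashes content and signs the digest with priv.
func Sign(priv ed25519.PrivateKey, name string, content []byte) Signed {
	d := sha256.Sum256(content)
	return Signed{Name: name, Digest: d, Sig: ed25519.Sign(priv, d[:])}
}

// Verify accepts s only if content still matches the recorded digest and the
// signature was produced by one of the trusted public keys.
func Verify(trusted []ed25519.PublicKey, s Signed, content []byte) error {
	if sha256.Sum256(content) != s.Digest {
		return fmt.Errorf("%s: content does not match its recorded digest", s.Name)
	}
	for _, pk := range trusted {
		if ed25519.Verify(pk, s.Digest[:], s.Sig) {
			return nil
		}
	}
	return fmt.Errorf("%s: signature not from a trusted key", s.Name)
}

// Node models one host. rootKey stands in for the customer key anchored in
// hardware; containerKeys are the keys whose signed containers it may run.
type Node struct {
	rootKey       ed25519.PublicKey
	containerKeys []ed25519.PublicKey
	booted        bool
}

func NewNode(root ed25519.PublicKey, containerKeys []ed25519.PublicKey) *Node {
	return &Node{rootKey: root, containerKeys: containerKeys}
}

// Boot verifies the OS image against the hardware-anchored root key. A node
// whose OS fails verification never reaches the state where containers run.
func (n *Node) Boot(os Signed, content []byte) error {
	if err := Verify([]ed25519.PublicKey{n.rootKey}, os, content); err != nil {
		n.booted = false
		return err
	}
	n.booted = true
	return nil
}

// Run admits a container only on a verified node and only if the image was
// signed by a trusted container key.
func (n *Node) Run(img Signed, content []byte) error {
	if !n.booted {
		return errors.New("refusing to run containers: OS not verified at boot")
	}
	return Verify(n.containerKeys, img, content)
}

// Outcome records whether one step of the scenario was allowed.
type Outcome struct {
	Step    string
	Allowed bool
}

// Scenario walks the chain end to end with freshly generated keys and
// constructed sample image bytes, returning what each step decided.
func Scenario() ([]Outcome, error) {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	teamPub, teamPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	_, roguePriv, err := ed25519.GenerateKey(rand.Reader) // key the customer never trusted
	if err != nil { return nil, err }

	osImage := []byte("constructed sample: CoreOS image bytes")
	appImage := []byte("constructed sample: application container bytes")
	signedOS := Sign(rootPriv, "coreos", osImage)
	goodApp := Sign(teamPriv, "app-signed-by-team", appImage)
	rogueApp := Sign(roguePriv, "app-signed-by-unknown-key", appImage)

	node := NewNode(rootPub, []ed25519.PublicKey{teamPub})
	var out []Outcome
	record := func(step string, err error) { out = append(out, Outcome{step, err == nil}) }

	record("run before boot", node.Run(goodApp, appImage))                                  // refused: OS unverified
	record("boot tampered os", node.Boot(signedOS, append([]byte("rootkit+"), osImage...))) // digest mismatch
	record("run after failed boot", node.Run(goodApp, appImage))                            // still refused
	record("boot genuine os", node.Boot(signedOS, osImage))                                 // verifies against root key
	record("run trusted container", node.Run(goodApp, appImage))                            // allowed
	record("run untrusted-key container", node.Run(rogueApp, appImage))                     // unknown signer
	record("run modified container", node.Run(goodApp, append(appImage, '!')))              // altered after signing
	return out, nil
}

func main() {
	out, err := Scenario()
	if err != nil { panic(err) }
	for _, o := range out { fmt.Printf("%-30s allowed=%v\n", o.Step, o.Allowed) }
}
```

The point the scenario makes is the one in the paragraph above: a container signature is only meaningful on a node whose OS was itself verified, so the admission check refuses everything until boot verification has passed, and then refuses images that are unsigned, signed by an untrusted key, or altered after signing.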
“Security is central to our mission here at CoreOS,” said CoreOS CEO Alex Polvi in today’s announcement. “It is rare to be able to introduce a completely new class of computing to the market, and we are proud today to do just that with Distributed Trusted Computing. This is a step further in the security capabilities of enterprises, for the first time giving cryptographically guaranteed end-to-end integrity and control of their environment.”
The company notes that none of these new features lock a user into the Tectonic platform.
As more businesses move to deploying container solutions, these kinds of security features CoreOS launched today may soon become standard. Docker is already trying to make cryptographically signing new containers the default, for example. For now, though, it looks like CoreOS is a step ahead of the competition.