Containers and Orchestrators are being rapidly adopted worldwide due to the advantages they provide. But so has risen the cyber attacks on the same. With the rise in recent vulnerabilities there’s an ever more demanding need to enforce security in containers.

Even with Static Analyzers in place which scan for known vulnerabilities, a new vulnerability can pop up anytime or you can be compromised at runtime. We should try to reduce the attack surface to secure against these unknown unknowns.

This talk will be about how can one choose to be a minimalist about their workloads right from choosing the right node images to reducing dependencies in containers and finally restricting and minimizing risks at runtime. We will explore about Container Optimized OS' , RBAC, Docker Slim, Network Policies, Kubernetes Security Context and tooling around Mandatory Access Control and how they can help you out on your path to become minimalist with your workloads to secure them.

---

I have attached an Initial Set of Slides which cover the flow of the presentation on the High level

I have presented this in one of the DelhiFOSS Meetup

I plan to include real life attacks like log4j, Uber Social engineering attack at each level to better convey where and how minimalism with security comes into the picture.