Advanced Computing in the Age of AI | Monday, April 22, 2024

Container Encryption Targets Security, Downtime


Securing the contents of application containers based on Docker and other platforms has relied heavily on isolating individual containers from one another, along with other access control approaches. Now a data security vendor is proposing an encryption scheme that extends "data-at-rest" security capabilities to Docker containers on top of those access controls.

Cyber and data security specialist Thales on Thursday (Dec. 8) released the encryption package designed to secure Docker containers as well as easing deployment of distributed applications and reducing IT infrastructure downtime. The company, San Jose, Calif., added that its Vormetric platform includes the ability to encrypt and re-key containerized data without taking applications offline.

Along with the ability to encrypt applications, Thales said it is releasing a package of extensions and an appliance along with a database encryption tool.

The first extension targets the reduction of downtime by enabling initial encryption and rekeying (rekeying refers to the process of creating a new session key, traditionally a painstaking process that often results in downtime). The Thales extension is designed to allow initial encryption and rekeying of encrypted data while it is in use. The pilot project is now generally available, the company said.
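The reason rekeying can proceed while data stays in use is that each encrypted record carries the identifier of the key that protects it, so readers holding both the old and new key keep working while a background job walks the store. The following is an added illustration written for this article, not Thales or Vormetric code; the record layout, the `key_id` header, and the SHA-256 counter-mode keystream with an HMAC tag (a standard-library stand-in for a real AEAD such as AES-GCM) are all assumptions of the example.

```python
"""Zero-downtime rekeying with per-record key versions (added example).

Assumed record layout: key_id (uint32) | nonce (16 bytes) | ciphertext | HMAC tag.
The cipher is a SHA-256 counter-mode keystream plus an HMAC-SHA256 tag, used
only so the example runs with the Python standard library; production code
would use an authenticated cipher such as AES-GCM with the same key_id idea.
"""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32
HEADER = struct.Struct(">I16s")  # key_id, nonce


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` bytes of keystream from key, nonce and a block counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_record(key_id: int, key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one record and tag it with the id of the key used."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    header = HEADER.pack(key_id, nonce)
    tag = hmac.new(key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def record_key_id(blob: bytes) -> int:
    """Read which key protects a record without decrypting it."""
    return HEADER.unpack_from(blob)[0]


def decrypt_record(keys: dict, blob: bytes) -> bytes:
    """Decrypt a record using whichever key its header names.

    `keys` maps key_id -> key bytes; holding both old and new keys here is
    what lets readers keep working while a rekey is in progress.
    """
    key_id, nonce = HEADER.unpack_from(blob)
    key = keys.get(key_id)
    if key is None:
        raise KeyError(f"no key available for key_id {key_id}")
    body, tag = blob[HEADER.size:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, blob[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("record authentication failed")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def rekey_store(store: dict, keys: dict, new_key_id: int) -> int:
    """Re-encrypt every record not already under new_key_id; returns the count.

    The store stays readable throughout: records already migrated carry the
    new key_id, the rest still carry the old one, and readers resolve either.
    """
    rekeyed = 0
    for name in list(store):
        blob = store[name]
        if record_key_id(blob) == new_key_id:
            continue
        plaintext = decrypt_record(keys, blob)
        store[name] = encrypt_record(new_key_id, keys[new_key_id], plaintext)
        rekeyed += 1
    return rekeyed


def demo() -> dict:
    """Constructed walkthrough: encrypt under key 1, rotate to key 2, retire key 1."""
    keys = {1: os.urandom(32)}
    store = {f"row{i}": encrypt_record(1, keys[1], f"value-{i:04d}".encode()) for i in range(5)}
    keys[2] = os.urandom(32)          # publish the new key to readers first
    rekey_store(store, keys, 2)       # migrate records while readers stay live
    del keys[1]                       # retire the old key only once nothing uses it
    return {name: decrypt_record(keys, blob) for name, blob in store.items()}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.decode())
```

The ordering in `demo` is the operational point: the new key is distributed before any record is rewritten, and the old key is withdrawn only after the walk completes, so no reader ever meets a record whose key it does not hold.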

A second Docker extension delivers to container users the Thales encryption platform functioning at the operating system level along with data access controls and logging capabilities. That means containers can be securely deployed without altering applications, the company claimed.

Meanwhile, a data security appliance is designed to manage remote data security and policy controls without a datacenter visit.

Finally, a "batch data transformation" tool is intended for initial encryption of sensitive database columns that are protected by its application encryption and token key tools. It also supports requirements for data masking, that is, the process of shielding original data by replacing it with random characters or data.

Along with reducing downtime for secure Docker container deployments, the company noted that another goal is reducing the complexity often associated with rolling out encryption schemes to protect sensitive data. Deployment complexity was the top reason why enterprises resist data security tools, according to a recent threat data report commissioned by Thales.

Thales said the entire container encryption package would be available in the first quarter of 2017.

Other container vendors such as San Francisco-based CoreOS also have tackled container security with approaches like hardware-driven cryptographic verification. The CoreOS approach adds a "cryptographic chain of trust" extending from the application layer to the hardware that delivers enterprise applications.

Recent cloud security surveys have revealed that nearly half of public cloud users are encrypting data and workloads using security services offered by providers. Meanwhile, about 28 percent said they are deploying data encryption approaches from vendors such as Thales.

About the author: George Leopold

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).