Integrated Container Security at Every Step of the Application Lifecycle
Docker Enterprise gives your applications greater protection without sacrificing performance or adding extra cost.
With Docker Enterprise, you get an integrated security framework for delivering safer applications and automating policy without sacrificing performance. The protection travels with the application: a secure supply chain that spans the whole application lifecycle and any infrastructure the application runs on.
And with a single interface and centrally-managed content, you get a seamless workflow that improves governance and ensures compliance across your whole organization.
Docker Enterprise governs your containerized applications at scale, layering flexible governance rules on top of your existing policies. For example, container images pass through checkpoints automatically, with policy-driven rule sets determining how content progresses through Docker Trusted Registry from development into production.
- Granular, flexible role-based access control (RBAC) lets diverse teams work within the same operational environment, as a repeatable business process, while limiting which actions each group can take. Docker Enterprise integrates with LDAP and Active Directory, so RBAC policies follow your existing identities, can be deployed across any environment and are not bound to a specific cloud provider.
- Secure application zones provide multi-tenancy within a single cluster. Several applications can be managed in the same cluster, which maximizes utilization of your compute resources, and teams stay agile without creating a new cluster for every team, application and project, which saves time and reduces complexity.
Secure Content Across the Software Supply Chain
Docker Enterprise signs container images cryptographically (Docker Content Trust) to establish provenance and authenticity: operations teams can see who published an image and confirm that it has not been tampered with or modified since it was signed.
- Image signing and vulnerability scanning give your operations teams a clear understanding of what is inside a container image: who the author is, what its bill of materials is, and whether any component carries a critical vulnerability. These automated insights greatly improve your ability to meet compliance requirements and prevent breaches.
- Policy-based image promotion accelerates the DevOps pipeline: images that pass security scans can be promoted automatically, or manually if that is your policy. This policy-driven automation is how organizations scale secure management of containers as they reach hundreds and thousands of images.
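The promotion decision described above, as an added example that is not Docker's or Docker Trusted Registry's own code: a constructed model in which a registry only copies an image from a staging repository into a production repository when its tag matches a release pattern, the required signers have signed it, and the scan result stays under the policy's vulnerability thresholds. The repository names, signer name, digest and CVE identifiers are placeholders invented for the example, and the promotion copies the image by digest so that exactly the bytes that were scanned and signed are what lands in production.

```python
"""Constructed model of policy-gated image promotion (added example, not Docker's code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Vulnerability:
    cve: str        # placeholder identifier for the example, not a real CVE
    severity: str   # "critical", "high", "medium" or "low"
    package: str


@dataclass(frozen=True)
class ImageRecord:
    repo: str
    tag: str
    digest: str                                   # content address of the scanned bytes
    signed_by: Tuple[str, ...] = ()               # signers whose signature the registry verified
    vulnerabilities: Tuple[Vulnerability, ...] = ()


@dataclass(frozen=True)
class PromotionPolicy:
    source_repo: str
    target_repo: str
    tag_pattern: str                              # the tag must fully match this regex
    required_signers: Tuple[str, ...] = ()
    max_critical: int = 0
    max_high: int = 0


def evaluate(image: ImageRecord, policy: PromotionPolicy) -> List[str]:
    """Return every reason the image fails the policy; an empty list means it passes."""
    reasons = []
    if image.repo != policy.source_repo:
        reasons.append(f"repo {image.repo!r} is not governed by this policy")
    if not re.fullmatch(policy.tag_pattern, image.tag):
        reasons.append(f"tag {image.tag!r} does not match {policy.tag_pattern!r}")
    missing = sorted(set(policy.required_signers) - set(image.signed_by))
    if missing:
        reasons.append("missing signatures from: " + ", ".join(missing))
    counts = Counter(v.severity for v in image.vulnerabilities)
    if counts["critical"] > policy.max_critical:
        reasons.append(f"{counts['critical']} critical vulnerabilities (max {policy.max_critical})")
    if counts["high"] > policy.max_high:
        reasons.append(f"{counts['high']} high vulnerabilities (max {policy.max_high})")
    return reasons


def promote(image: ImageRecord, policy: PromotionPolicy) -> Tuple[Optional[ImageRecord], List[str]]:
    """Copy the image into the target repo by digest if it passes, else return the reasons."""
    reasons = evaluate(image, policy)
    if reasons:
        return None, reasons
    promoted = ImageRecord(repo=policy.target_repo, tag=image.tag, digest=image.digest,
                           signed_by=image.signed_by, vulnerabilities=image.vulnerabilities)
    return promoted, []


# Constructed sample data: a release policy and four candidate images.
PRODUCTION_POLICY = PromotionPolicy(
    source_repo="staging/web", target_repo="prod/web",
    tag_pattern=r"\d+\.\d+\.\d+", required_signers=("release-team",),
    max_critical=0, max_high=2)

DIGEST = "sha256:" + "ab" * 32   # placeholder digest

CLEAN_IMAGE = ImageRecord("staging/web", "1.4.2", DIGEST, ("release-team",),
                          (Vulnerability("CVE-0000-0001", "medium", "libexample"),))
VULNERABLE_IMAGE = ImageRecord("staging/web", "1.4.3", DIGEST, ("release-team",),
                               (Vulnerability("CVE-0000-0002", "critical", "libexample"),))
UNSIGNED_IMAGE = ImageRecord("staging/web", "1.4.4", DIGEST)
LATEST_IMAGE = ImageRecord("staging/web", "latest", DIGEST, ("release-team",))

if __name__ == "__main__":
    for img in (CLEAN_IMAGE, VULNERABLE_IMAGE, UNSIGNED_IMAGE, LATEST_IMAGE):
        promoted, reasons = promote(img, PRODUCTION_POLICY)
        verdict = "promoted to " + promoted.repo if promoted else "rejected: " + "; ".join(reasons)
        print(f"{img.tag:8} {verdict}")
```

Run as a script it prints one verdict per image: only the signed, versioned, critical-free image reaches `prod/web`. Refusing the mutable `latest` tag is deliberate: promotion by version tag plus digest keeps the production repository pointing at an artifact whose scan and signature can be audited later.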
Docker Enterprise ships with default configurations that give greater protection to applications running on Docker Engine and on both supported orchestrators, Docker Swarm and Kubernetes. The platform establishes strong secure defaults while leaving admins in control to change configurations and policies as needed.
Out-of-the-box security defaults include:
- System-level mutual TLS authentication and cryptographic node identity: every node holds a certificate issued by the cluster's certificate authority, so control-plane communication stays inside the cluster and a node without a valid identity can neither join it nor read its traffic.
- Application-level isolation with authentication and authorization lets you share cluster resources without sacrificing security: network communication to an application is closed by default and must be opened explicitly before any other application or person can see or reach it.
Want to learn more about Docker's integrated security with Docker Enterprise?
Delivering Safer Applications with Docker Enterprise Edition and Windows Server 2016
Docker for the Virtualization Admin
A Secure Supply Chain for Kubernetes