SAN FRANCISCO – The elephant or rather the whale in the room at DockerCon this week, was the data breach of the Docker Hub, first disclosed on April 26.
During a keynote address and in a private press session at DockerCon on May 1, Docker executives provided a formal response to the data breach, which impacted 190,000 accounts. The data breach response wasn’t the only thing announced by Docker Inc on day two of DockerCon, as the company behind the eponymous container technology also announced new technology efforts including service mesh integration.
“There are bad actors in the world and we had a security incident and we have resolved that issue,” Docker CEO Steven Singh said during the media session.
Docker Inc. is the lead commercial sponsor behind the open-source Docker container technology that enables developers to build, package and deploy applications as containers. The Docker Hub is a popular repository for Docker users to find freely available Docker application images to run.
During his keynote Docker CTO Kal De provided the assembled Docker community at DockerCon with his commitment to security and to reinforce a security by-design approach for Docker technologies.
“I will simply share with you that we will continue to do the best we possibly can,” De said. “We must as a company, and we will, take security very, very seriously and stay laser focussed on it.”
Breach Details
Docker is currently publicly providing updates on the data breach incident via a dedicated support page. There are still some things that’s aren’t publicly known, such as how long the attackers may have been in the system as well as identification of the root cause of the breach.
In a response to a question from eWEEK, Singh noted that Docker has engaged in a rigorous forensics and incident response activity to fully understand the Docker Hub data breach.
“One of the things we have at Docker is a standard incident response function, so that includes bringing in external resources to really do a deep forensic analysis,” Singh said. “It’s a standard professional model for response.”
Overall Singh sees the breach as an opportunity for his company to improve its processes and help both itself and customers stay secure.
Service Mesh Support
Beyond addressing the data breach, Docker announced new capabilities that will be available in tech preview as part of the company’s Docker Enterprise 3.0 release. Among the new features that was announced on the DockerCon keynote stage was support for the open-source Istio service mesh.
Istio is an emerging technology that has already garnered the backing of big name IT vendors including IBM, AWS, Cisco and Google among others. The Isto service mesh enables a more efficient type of container to container, or microservice to service communications and networking model, by offloading the connectivity to a side car proxy.
ContainerD Support
At the core of Docker’s engine is the open-source ContainerD container runtime project, which is an effort that is hosted by the Cloud Native Computing Foundation (CNCF). To date, Docker had only provided support for Containerd as an integrated part of the Docker Enterprise Platform.
Moving forward, Docker announced that it will also provide commercial support for just the containerd component, for those organizations that only want or need support for that piece and don’t require the full Docker Enterprise platform. With Docker Enteprise as the flagship platform and containerd support at the granular level of support there is the potential for Docker to introduce a mid-tier offering, specifically aimed at small and medium sized businesses (SMBs). Singh said that it is likely that Docker will introduce something in the future that might be a focussed offering for SMBs.
“I couldn’t be happier, this company is not just hitting its stride, we’re really solving problems with a deep commitment to our customers and that’s the only way to build a great business, ” Singh said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
