Exploring container security: Using Cloud Security Command Center (and five partner tools) to detect and manage an attack | Google Cloud Blog

If you suspect that a container has been compromised, what do you do? In today’s blog post on container security, we’re focusing in on container runtime security—how to detect, respond to, and mitigate suspected threats for containers running in production. There’s no one way to respond to an attack, but there are best practices that you can follow, and in the event of a compromise, we want to make it easy for you to do the right thing.

Source: https://cloud.google.com/blog/products/gcp/exploring-container-security-using-cloud-security-comma

Exploring container security: Running a tight ship with Kubernetes Engine 1.10 | Google Cloud Blog

It’s only been a few months since we last spoke about securing Google Kubernetes Engine, but a lot has changed since then. Our security team has been working to further harden Kubernetes Engine, so that you can deploy sensitive containerized applications on the platform with confidence. Today we’ll walk through the latest best practices for hardening your Kubernetes Engine cluster, with updates for new features in Kubernetes Engine versions 1.9 and 1.10.

Source: https://cloud.google.com/blog/products/gcp/exploring-container-security-running-a-tight-ship-with-kubernetes-engine-1-10

Exploring container security: Protecting and defending your Kubernetes Engine network | Google Cloud Blog

Security is a crucial factor in deciding which public cloud provider to move to—if at all. Containers have become the standard way to deploy applications both in the public cloud and on-premises, and Google Kubernetes Engine implements several best practices to ensure the security and privacy of your deployments. In this post, we’ll answer some of your questions related to container networking security of Kubernetes Engine, and how it differs from traditional VM networking security.

Source: https://cloud.google.com/blog/products/gcp/exploring-container-security-protecting-and-defending-your-kubernetes-engine-network

Exploring container security: Digging into Grafeas container image metadata | Google Cloud Blog

The great thing about containers is how easy they are to create, modify and share. But that also raises the question of whether or not they’re safe to deploy to production. One way to answer that is to track metadata about your container, for example, who worked on it, where it’s stored, and whether it has any known vulnerabilities.

Source: https://cloud.google.com/blog/products/gcp/exploring-container-security-digging-into-grafeas-container-image-metadata

Exploring container security: Isolation at different layers of the Kubernetes stack | Google Cloud Blog

To conclude our blog series on container security, today’s post covers isolation, and when containers are appropriate for actually, well… containing. While containers bring great benefits to your development pipeline and provide some resource separation, they were not designed to provide a strong security boundary.

Source: https://cloud.google.com/blog/products/gcp/exploring-container-security-isolation-at-different-layers-of-the-kubernetes-stack

Exploring container security: An overview | Google Cloud Blog

Containers are increasingly being used to deploy applications, and with good reason, given their portability, simple scalability and lower management burden. However, the security of containerized applications is still not well understood. How does container security differ from that of traditional VMs? How can we use the features of container management platforms to improve security?

Source: https://cloud.google.com/blog/products/gcp/exploring-container-security-an-overview

Best Practices for Building Containers | Architectures | Google Cloud

This article describes a set of best practices for building containers. These practices cover a wide range of goals, from shortening the build time, to creating smaller and more resilient images, with the aim of making containers easier to build (for example, with Cloud Build), and easier to run in Google Kubernetes Engine (GKE).

Source: https://cloud.google.com/solutions/best-practices-for-building-containers

Best Practices for Operating Containers | Architectures | Google Cloud

This article describes a set of best practices for making containers easier to operate. These practices cover a wide range of topics, from security to monitoring and logging. Their aim is to make applications easier to run in Google Kubernetes Engine and in containers in general. Many of the practices discussed here were inspired by the twelve-factor methodology, which is a great resource for building cloud-native applications.

Source: https://cloud.google.com/solutions/best-practices-for-operating-containers