Cloudera and Docker, Inc. have partnered to release commercially supported CS Docker Engines with a jointly developed solution to cryptographically secure containers for government data sharing.
This integrated solution allows government agencies to share data via cryptographically secure containers as part of a partnership where Cloudera provides level one and level two technical support backed by Docker, Inc.
“Docker and Cloudera worked in close collaboration to meet the specific needs of government agencies. Because these agencies often have sensitive workloads where portability and security are necessary, the two companies worked together on an integration that would protect the code and data running in containerized workloads. Docker and Cloudera made sure that all data and code are protected both in transit, at rest and at runtime,” the companies said in a statement.
They said, “The integrated solution is based on Cloudera Navigator Encrypt running on Docker, Inc.’s CS Engine. Cloudera Navigator Encrypt transparently encrypts and secures data at rest without requiring changes to applications and ensuring there is minimal performance lag in the encryption or decryption process. Advanced key management with Cloudera Navigator Key Trustee Server and process-based access controls in Navigator Encrypt enable organizations to meet compliance regulations and help protect organizations from unauthorized parties or malicious actors gaining access to encrypted data. Docker wraps software in a complete filesystem aka container that includes an application and its dependencies which allows applications to run anywhere. In addition, Docker Content Trust based on The Update Framework (TUF) provides the most secure content distribution model for verifying the creator of a specific dockerized application.”
Cloudera Navigator Encrypt Key Trustee Server and Client already comply with Federal Information Processing Standard (FIPS) 140-2, the US government computer security standard used to approve cryptographic modules.
The partnership with Docker, Inc. enables the pursuit of an end-to-end FIPS-validated product to include the Docker platform itself, as well as the encryption and key management platform, the company said.
“Cloudera is committed to delivering the highest levels of data security for Docker workloads,” said Charles Zedlewski, senior vice president, products at Cloudera. “We are pleased to have the opportunity to bring the industry leading security controls that are already a core part of Cloudera’s business to the realm of dockerized applications and supporting the US government with their most challenging problems.”
“Docker is increasingly becoming a critical platform for federal agencies as they modernize their applications, while making them even more secure through Docker’s isolation capabilities and content security framework,” said Nathan McCauley, Director of Security for Docker. “This partnership with Cloudera further elevates the security posture of Dockerized applications by protecting against data leaks through secure encrypted data volumes.”
Docker provides an abstraction layer for Cloudera’s Navigator Encrypt and the Key Trustee Server, allowing the exchange of dockerized applications so they can be run, but not seen, modified, or tampered with. The solution has complete administrative separation of duties, so that administrators, platform owners and users, whether trusted or untrusted, cannot impact each other. It also includes multiple points of control, application fingerprinting, user roles and network-based authentication.
The joint solution is both operating system and cloud agnostic. This early access product is currently available to US government agencies.