Run Apps In Docker If You Want Application Security

When any new technology appears on the scene, security is typically a barrier to adoption. When it comes to Docker containers, though, two organizations now are making the claim that security should be a driver of adoption.

Analyst firm Gartner and cyber-security specialist NCC Group have published research detailing the container security landscape.

“The significant piece of this is that Gartner is at the point where they think applications are more secure running in Docker containers and are communicating this out to their enterprise users,” Nathan McCauley, director of security at Docker Inc., told eWEEK. “It is significant in combination with the NCC Group report, which recognizes Docker’s leadership in the area of container security.”

Docker security

Gartner analyst Joerg Fritsch wrote that an application that is deployed in a container is in fact more secure than the same application running on a bare-metal operating system because “applications and users are isolated on a per-container basis so that they cannot compromise other containers or the host OS.”

The NCC Group report stated that “from a security perspective, [containers] create a method to reduce attack surfaces and isolate applications to only the required components, interfaces, libraries and network connections.”

McCauley published a blog post on Aug. 23 that included a chart showing some of the key security features enabled by Docker and how it compares to other container options.

Among those features is a capability called seccomp filtering that was first added to the Docker 1.10 update that came out in February. Seccomp is a technology that is integrated into the main line of the Linux kernel to provide granular security control.

Containers

The most recent release of Docker is version 1.12, announced at DockerCon in June.

“The Gartner report already takes into account 1.12 security features, which include built-in certificate authority, mutual TLS [Transport Layer Security] authentication and authorization between all nodes as well as cryptographic node identities,” McCauley said. “In particular, cryptographic node identities are one of the fundamental building blocks that will enable future security features.”

The fact that Docker has multiple levels of security doesn’t mean, however, that all Docker users are secure by default. Properly securing a Docker container environment involves making use of the security capabilities that Docker provides as well as best practices for configuration. That’s the rationale behind the Docker Bench tool released in May 2015. Docker security has improved since then, and Docker Bench is set to keep up.

“We are updating Docker Bench to take advantage of the new orchestration features that shipped in 1.12 and continue to update our sysbench release for every benchmark that comes out,” McCauley said.

Originally published on eWeek

Take our cloud quiz here

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago