Container technology is creating waves in IT industry. With its large number of benefits for IT and dev ops, it has started impacting the industry starting early 2014. According to a research done Docker adoption was up by fivefold from 2014 to 2015. The survey also revealed a key insight; two-thirds of companies that evaluate Docker, end up adopting it.
Some of the key benefits of using Docker technology are:
- Fewer VMs and OS instances to patch and update
- Fewer hardware boxes to house and maintain
- Rapid application deployment
- Easy version control and sharing
Even with all these benefits there are some security concerns which even Docker guys have acknowledged. There are four major areas to consider when reviewing Docker security:
- The intrinsic security of the kernel and its support for namespaces and cgroups.
- The attack surface of the Docker daemon itself.
- Loopholes in the container configuration profile, either by default, or when customized by users.
- The “hardening” security features of the kernel and how they interact with containers.
I will not go in details of these security challenges but would like to highlight the effort being taken to overcome these security challenges. Just like every debate, there are merits to arguments on both sides; with all these security concerns in Docker technology, many efforts have been undertaken to educate adopters and improve their comprehension of available tooling and security postures. Community has taken effort to educate adopters with static analysis, runtime vulnerability detection, provenance, fine-grained authorization, cryptographic verification and many more.
These security challenges have also provided an opportunity for emerging start-ups to focus on creating products which caters Docker security. In a very short span of time I have seen number of vendors addressing Docker security challenges and changing the dynamics of space rapidly. Vendors, right from hardware to application layer in this open source community have significantly moved forward in addressing the security challenges in the past year.
I believe we have seen some significant changes in Docker technology and can consider it to be relatively safe. At Calsoft, even we have helped our customers embracing the power of Docker, and overcome the security challenges with some best hygiene practices.
To know more email: firstname.lastname@example.org
Anupam Bhide | Calsoft Inc.