Run Apps In Docker If You Want Application Security

When any new technology appears on the scene, security is typically a barrier to adoption. When it comes to Docker containers, though, two organizations now are making the claim that security should be a driver of adoption.

Analyst firm Gartner and cyber-security specialist NCC Group have published research detailing the container security landscape.

“The significant piece of this is that Gartner is at the point where they think applications are more secure running in Docker containers and are communicating this out to their enterprise users,” Nathan McCauley, director of security at Docker Inc., told eWEEK. “It is significant in combination with the NCC Group report, which recognizes Docker’s leadership in the area of container security.”

Docker security

Gartner analyst Joerg Fritsch wrote that an application that is deployed in a container is in fact more secure than the same application running on a bare-metal operating system because “applications and users are isolated on a per-container basis so that they cannot compromise other containers or the host OS.”

The NCC Group report stated that “from a security perspective, [containers] create a method to reduce attack surfaces and isolate applications to only the required components, interfaces, libraries and network connections.”

McCauley published a blog post on Aug. 23 that included a chart showing some of the key security features enabled by Docker and how it compares to other container options.

Among those features is a capability called seccomp filtering that was first added to the Docker 1.10 update that came out in February. Seccomp is a technology that is integrated into the main line of the Linux kernel to provide granular security control.


The most recent release of Docker is version 1.12, announced at DockerCon in June.

“The Gartner report already takes into account 1.12 security features, which include built-in certificate authority, mutual TLS [Transport Layer Security] authentication and authorization between all nodes as well as cryptographic node identities,” McCauley said. “In particular, cryptographic node identities are one of the fundamental building blocks that will enable future security features.”

The fact that Docker has multiple levels of security doesn’t mean, however, that all Docker users are secure by default. Properly securing a Docker container environment involves making use of the security capabilities that Docker provides as well as best practices for configuration. That’s the rationale behind the Docker Bench tool released in May 2015. Docker security has improved since then, and Docker Bench is set to keep up.

“We are updating Docker Bench to take advantage of the new orchestration features that shipped in 1.12 and continue to update our sysbench release for every benchmark that comes out,” McCauley said.

Originally published on eWeek

Take our cloud quiz here

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Twitter To Hide Tweets That Share False Information During A Crisis

Potentially risking Elon's wrath over free speech, Twitter says it will hide tweets spreading misinformation…

12 hours ago

Boeing Starliner Test Flight Readied For Tonight

Third time the charm? Main rival to SpaceX's Dragon capsule, the embattled Boeing Starliner spacecraft,…

13 hours ago

September 13 Slated For iPhone 14 Launch – Report

No surprise there. Apple is slated to launch the iPhone 14 on 13 September according…

16 hours ago

Texas Social Media Law Battle Heads To Supreme Court

Battle between Texas and social networking giants reaches US Supreme Court, and it could decide…

16 hours ago

UK Can Legally Launch Cyberattacks Against Hostile Nations, Says AG

Chief legal advisor to government says UK can legally launch cyberattacks against hostile nations, and…

21 hours ago