
Seven cloud security risks that will ruin your day


Rushing your Docker container security strategy

Source: Michael Kloran
Designer: Michael Kloran for TechTarget

Docker caught fire over the past year as a way to deploy Linux containers, but security concerns around multi-tenancy currently limit many Docker deployments to test and development.

"The bigger issue is enterprises having to come to terms and understand what security means [regarding] containers, because it's different than virtual machines," said Dave Bartoletti, principal analyst with Forrester Research, Inc., in Cambridge, Mass.

Virtual machines (VMs) have a full operating system (OS), isolation, direct hardware access and a mature industry around them. Docker containers, however, are Linux processes that run on an OS, meaning anyone with access to root privileges can start and stop containers, or perform some other nasty task, if access isn't hardened, Bartoletti said.

It's an issue that remains largely unsolved, as vendors, including Red Hat Inc. and Joyent, approach the challenge differently. But with everyone from IBM to Microsoft focusing on container security, improvements are likely over the next year.

For now, container security is as much about process and governance as it is about technology. Experts urge organizations to only use application containers with strongly guarded permissions, and to monitor the underlying OS. Private Docker image repositories kept in databases behind firewalls are another solution.
