Advanced Computing in the Age of AI | Thursday, May 30, 2024

Vendors Focus on Docker Security 

While its unclear so far whether Docker containers will make much of a dent this year in the datacenter, vendors continue to announce support for the open platform designed to automate the deployment of cloud applications in secure software containers.

The latest to jump on the Docker bandwagon is San Francisco-based CloudPassage, which this week unveiled a platform for cloud and virtual infrastructure for securing applications deployed using Docker containers. The company said its approach brings enforcement of security policies for virtual infrastructure to the application container level.

While Docker containers provide basic security functions, CloudPassage notes that the application delivery platform still requires users to implement additional security steps like access controls, configuring file system attributes and preventing other designated processes from accessing the Docker Engine.

The software-defined security specialist said its security platform addresses these issues through a suite of security and compliance features customized for Docker deployments. Among them are configuration policies based on best practices for securing Docker containers.

Also included is a software vulnerability assessment capability that automatically scans for vulnerabilities in packaged software across all Docker deployments, CloudPassage said.

A file-integrity monitoring feature is said to protect Docker containers by monitoring for unauthorized or malicious changes. Any differences detected are logged and reported to administrators.

Other features include log-based intrusion detection that monitors server log files for suspicious events that indicate misuse, misconfiguration or even a security compromise. An access control capability allows secure remote network access using two-factor authentication. The vendor said this feature keeps server ports hidden while allowing temporary access on-demand for authorized users only.

Finally, a firewall micro-segmentation is designed to secure both the Docker Engine and Docker containers, CloudPassage said.

Companies are "adopting technologies like Docker that allow them to abstract, automate and orchestrate software-defined data centers,” Carson Sweet, CEO of CloudPassage, said in a statement. Benefits like agility, speed and cost savings must be weighed against the potential security risks, Sweet added. "These environments demand a new approach to security, one that protects at a deeper level than just the perimeter.”

The Docker security features are relatively new. Most vendors coalescing around the nascent Docker ecosystem are focused on areas like application development, orchestration, the ability to share data across containers and other enterprise production features.

Still, some observers note that Docker has so far made few inroads in the datacenter and that production use may not gain traction until next year at the earliest.

Meanwhile, other players are jumping into the software container market. For example, CoreOS, which offers a variant of the Linux operating system, launched an effort in December called Rocket that is being positioned as a new container runtime "designed with composability, security and speed."

"We thought Docker would become a simple unit that we can all agree on," CoreOS noted in a recent blog post. "Unfortunately, a simple reusable component is not how things are playing out."

"It is not becoming the simple composable building block we had envisioned," CoreOS added.

Security is one area CoreOS said it would focus on in launching its Rocket app container. "Isolation should be pluggable, and the crypto primitives for strong trust, image auditing and application identity should exist from day one," the developer stressed.