Virtualization containers, with their extraordinarily efficient hardware utilization, can be like a dream come true for development teams. While containerization will probably never entirely unseat VMs in enterprise application development and deployment, increasingly popular systems like Docker fulfill wishes on the checklist for the speed and agility required to develop, test, and deploy modern software at scale. No heavy hypervisor. Exceptional portability. Resource isolation. Incredibly lightweight containers. Open standards. Perfect for micro-service architectures. Lots of tidy app packages all wrapped up and humming away on top of a single Linux instance. What’s not to love?
It’s easy for dev teams to get excited by the possibilities that such speed and ease imply (there have been over 400 million Docker container downloads to date, which represents a lot of excitement). But concerns about containerization and security do exist. And while you certainly don’t want to rein in enthusiasm to the degree that it stifles rapid iteration and innovation (thus completely negating all that wonderful potential), you do need to avoid developing a culture of cowboy programming and keep security considerations at the fore if your organization is to safely embrace Docker.
To be clear, the Docker model does address security, but responsible use is a lynchpin. When you start using Docker, you quickly discover that there are lots of downloadable templates (“images”) available from repositories (“repos”) that can be used as shortcuts for writing your own micro-services, thus speeding development exponentially. The problem is that you don’t know which of these images are secure (they may contain vulnerabilities). And therein lies the source of recent security cautions. Image vulnerabilities may not be of much concern for individual app developers — but for the enterprise, security and data compliance policies are critical and must be maintained. Thus the question becomes: How can they be applied to Docker usage?
Docker Best Practices
To establish best practices for your organization, the nonprofit Center for Internet Security (CIS) provides a detailed 100+ page Benchmark resource for safe and secure Docker configuration, and there are a few specific areas of focus to keep in mind.
Overall, your best strategy for enterprise Docker use is to meld the CIS benchmark with your existing security policy; it will guide you to establishing a secure configuration posture for all Docker containers and help you create a safer playing field for your dev teams to have at it.