Docker, Addressing Security Concerns, Hardens Its Containers



"With Docker Enterprise adoption increasing, we are seeing more and more scrutiny of its security controls from our customers," Suleman told CRN.

User Namespaces, a security feature that allows configuration of privileges for containers, fixes a longstanding issue with containers being able to gain root access on the host, Suleman said.

"This specific concern has in fact been brought up by InfoSec gurus to our customers," Suleman told CRN of the root access problem. "Version 1.10 provides a good answer."

Content-addressable container IDs are another innovation important to highly regulated industries like health care, where artifacts must be tracked at every step of the way, Suleman told CRN.

"Last year, we had to implement this control for a Fortune 100 health-care client," Suleman said. "We had to develop it from scratch ourselves using container tags and a series of controls to avoid tainting the IDs as the containers progressed in the code promotion pipelines."

In addition to security, 1.10 greatly enhances usability of the commercial product, Suleman said. One of the most interesting capabilities is an embedded DNS server.

Flux7 started using Docker in 2013, when container discovery was not a well-studied problem.

The company created a solution for cars.com -- presented at DockerCon 2014 -- that achieved the same effect that the new embedded DNS server will provide out of the box.

"As someone who has seen Docker evolve from Day 1, we welcome this change. It may not be technically miraculous but it eases some common use cases," Suleman said.

That greater ease also applies to other new features, like the networking enhancements, the ability to assign IPs to containers, and internal networks, he added.
