What Are Docker Containers?
Docker can efficiently create, ship and run containers. Docker containers wrap an application’s software into an invisible box with everything it needs to run. This includes the operating system, application code, runtime, system tools and libraries. Docker uses images to build containers. They are lightweight and portable and allow developers to build, transfer and run distributed applications efficiently. In addition, Docker lets you pack and move an application easily, which simplifies infrastructure. Docker also provides reduced boot times, which improves the utilization of resources. However, as containers continue to evolve, the concern for security grows larger.
Image Source: https://medium.freecodecamp.org/a-beginner-friendly-introduction-to-containers-vms-and-docker-79a9e3e119b
Containers are less isolated from one another than virtual machines. The job of a container is to package and distribute applications, but not all images available on the web can be trusted, and not all libraries and components included in the containers are patched and up-to-date. A recent study shows that 67 percent of organizations plan to begin using containers over the next two years, but 60 percent say that they are concerned about security issues.
Things to Consider
- Kernel exploits. Unlike a virtual machine, the kernel is shared among all containers and the host. If a container causes the kernel to panic, it will take down the whole host.
- Denial-of-service attacks. Containers share kernel resources, so if one container is able to monopolize access to certain resources, it can starve out other containers on the host. This results in a denial-of-service (DoS): users are unable to access part or all of the system.
- Container breakouts. Be aware of potential privilege escalation attacks, where a user gains elevated privileges through a bug in application code that must run with extra privileges. While unlikely, breakouts are possible and should be considered when developing a continuity plan.
- Poisoned images. If an attacker can trick you into running their image, the host and data are at risk. In addition, make sure that the images that are running are up-to-date.
- Compromising secrets. When a container accesses a database or service, it will require a secret, like an API key or a username and password. An attacker who gains access to the secret will also have access to the service.
While Docker containers may be efficient and provide flexibility, it is critical to assess the above prior to implementation.
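The five risks above map onto settings that are visible in a running container's configuration. The following added example (not code from the original article) audits the JSON that `docker inspect` prints for the weak settings behind each risk and shows the same container with the corrected settings. The field names (`Config`, `HostConfig`, `Privileged`, `Memory`, `PidsLimit`, `CapAdd`, `SecurityOpt`, `ReadonlyRootfs`) are those of real `docker inspect` output; both inspect records, the container name and the registry hostname are constructed for the example, and the list of checks is a hypothetical minimal set rather than any official benchmark.

```python
"""Audit `docker inspect` records for the container risks discussed above.

Added example, not code from the original article. Both records below are
constructed; the field layout follows real `docker inspect` output.
"""
import json
import re

# Constructed record of a weakly configured container (one element of the
# list that `docker inspect <container>` prints).
SAMPLE_INSPECT = json.dumps([{
    "Name": "/billing-api",
    "Config": {
        "Image": "registry.example.com/billing-api:latest",
        "Env": ["PATH=/usr/bin", "DB_PASSWORD=hunter2", "LOG_LEVEL=info"],
    },
    "HostConfig": {
        "Privileged": True,
        "Memory": 0,
        "PidsLimit": None,
        "CapAdd": ["SYS_ADMIN"],
        "CapDrop": [],
        "SecurityOpt": None,
        "ReadonlyRootfs": False,
    },
}])

# Constructed record of the same service with each weak setting corrected.
HARDENED_INSPECT = json.dumps([{
    "Name": "/billing-api-hardened",
    "Config": {
        "Image": "registry.example.com/billing-api@sha256:" + "0" * 64,
        # Secret delivered as a file mount; only its path is in the environment.
        "Env": ["PATH=/usr/bin", "DB_PASSWORD_FILE=/run/secrets/db_password"],
    },
    "HostConfig": {
        "Privileged": False,
        "Memory": 256 * 1024 * 1024,
        "PidsLimit": 256,
        "CapAdd": None,
        "CapDrop": ["ALL"],
        "SecurityOpt": ["no-new-privileges:true"],
        "ReadonlyRootfs": True,
    },
}])

# Environment variable names that usually carry a credential.
SECRET_ENV = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY)", re.IGNORECASE)


def audit_container(record: dict) -> list[str]:
    """Return one human-readable finding per weak setting in a single record."""
    findings = []
    cfg = record.get("Config", {})
    host = record.get("HostConfig", {})

    # Container breakouts and kernel exploits: anything that widens what the
    # process inside the container can ask the shared kernel to do.
    if host.get("Privileged"):
        findings.append("privileged: full device and capability access (breakout risk)")
    for cap in host.get("CapAdd") or []:
        findings.append(f"cap-add {cap}: extra capability widens the kernel attack surface")
    if "no-new-privileges" not in " ".join(host.get("SecurityOpt") or []):
        findings.append("no-new-privileges unset: setuid binaries can still gain privileges")
    if not host.get("ReadonlyRootfs"):
        findings.append("writable rootfs: a compromised process can alter the image filesystem")

    # Denial of service: shared kernel resources without limits.
    if not host.get("Memory"):
        findings.append("no memory limit: container can starve the host of RAM")
    if not host.get("PidsLimit"):
        findings.append("no pids limit: a fork bomb can exhaust the host process table")

    # Poisoned images: a mutable tag can be replaced upstream; a digest cannot.
    image = cfg.get("Image", "")
    if "@sha256:" not in image:
        findings.append(f"image {image!r} not pinned by digest: tag may change upstream")

    # Compromising secrets: values in Env are readable via inspect and /proc.
    for entry in cfg.get("Env") or []:
        name = entry.split("=", 1)[0]
        if SECRET_ENV.search(name) and not name.endswith("_FILE"):
            findings.append(f"env {name}: secret visible via docker inspect and /proc")
    return findings


def audit_inspect_output(raw: str) -> dict[str, list[str]]:
    """Map container name -> findings for every record in `docker inspect` JSON."""
    return {rec.get("Name", "?"): audit_container(rec) for rec in json.loads(raw)}


if __name__ == "__main__":
    for raw in (SAMPLE_INSPECT, HARDENED_INSPECT):
        for name, findings in audit_inspect_output(raw).items():
            print(name, "->", "clean" if not findings else "")
            for finding in findings:
                print("  -", finding)
```

Run against a live host with `docker inspect $(docker ps -q) > containers.json` and feed the file contents to `audit_inspect_output`; the weak sample above yields eight findings, one per setting, and the hardened record yields none. Pinning by digest and mounting the secret as a file address the last two bullets; the limits and dropped privileges address the first three.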
What Containers Mean for IT and Development
Forrester analyst Dave Bartoletti thinks that only 10 percent of enterprises currently use containers in production, but up to a third are testing them. Docker was able to generate $762 million in revenue in 2016. Containers will transform the IT world because they use shared operating systems. A move like this could save a data center or cloud provider tens of millions of dollars annually in power, but it is all about the risk you are willing to take.
There is, however, some concern about whether developers still have the freedom to innovate while using containers. Developers must be able to pick and choose which tools and frameworks they would like to use, and they rarely ask for permission. Using a container could potentially stifle a developer’s creativity.
The choice is ultimately up to an organization on whether to invest in containers. With pros and cons weighing evenly, it all comes down to risk appetite.
Picture Copyright: https://www.pexels.com/photo/blue-white-orange-and-brown-container-van-163726/ CC0 License