Docker Security Scrutinized as its Popularity Rises
As 2015 begins, there is good news on the cloud computing and container technology front: enterprises everywhere have rapidly gained confidence in platforms and tools such as OpenStack and Docker. On the flip side, security concerns about these emerging open tools are rising too. Just yesterday, I wrote a post on the security concerns surrounding the Internet of Things, especially as connected objects gain new bridges and paths for reaching out to the cloud. Now a Gartner Research report, "Security properties of Containers managed by Docker," asks questions about the security of Docker.

In a post about the report, Joerg Fritsch writes: "Security properties of containers are a largely unexplored field and there is a lot of controversial discussion about whether containers do contain or not...On the one hand containers are not new and service providers have been using for example Virtuozzo or Parallels containers to offer Virtual Private Servers (VPS) in multi tenant environments long before computing clouds even came onto the radar. On the other hand, the packaging of software and the instantiation and management of containers with Docker is brand new."

Drawing parallels between Docker containers and virtualization platforms, Fritsch concludes that "containers are mature enough to be used as private and public PaaS." He also likes the idea of using security-enhancement tools such as SELinux and AppArmor when running Docker.

There have been a few voices in the crowd questioning whether Docker is secure enough for enterprise use, particularly in terms of its administration capabilities. In fact, OStatic covered some of the limitations of Docker in a post back in 2013, although most of the issues raised there have since been solved. Docker also maintains a security page, which argues that Docker containers are very similar to LXC containers in terms of security.
The page notes that each Docker container gets its own network stack, and that there are logical rules governing container-to-container access.

Of course, Docker remains a most interesting tool, and we've also been writing about emerging competition for it, especially from Rocket, which comes from the CoreOS team. A prototype version of Rocket is on GitHub for anyone who wants to get started with it. According to a post from the CoreOS folks on Rocket:

"When Docker was first introduced to us in early 2013, the idea of a 'standard container' was striking and immediately attractive: a simple component, a composable unit, that could be used in a variety of systems. The Docker repository included a manifesto of what a standard container should be. This was a rally cry to the industry, and we quickly followed. We thought Docker would become a simple unit that we can all agree on."

"Unfortunately, a simple re-usable component is not how things are playing out. Docker now is building tools for launching cloud servers, systems for clustering, and a wide range of functions: building images, running images, uploading, downloading, and eventually even overlay networking, all compiled into one monolithic binary running primarily as root on your server. The standard container manifesto was removed. We should stop talking about Docker containers, and start talking about the Docker Platform."

"We still believe in the original premise of containers that Docker introduced, so we are doing something about it. Rocket is a command line tool, rkt, for running App Containers. An 'App Container' is the specification of an image format, container runtime, and a discovery mechanism."
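The properties discussed above, whether a container runs under an AppArmor or SELinux profile, whether it keeps its own network stack, and whether it has been handed root-equivalent access to the host through the root-running daemon, are all recorded in `docker inspect` output. The script below is an added example, not code from this article, from Gartner or from the Docker project: it parses a constructed sample of `docker inspect` JSON (embedded so it runs offline; on a real host feed it `docker inspect $(docker ps -q)` instead) and reports the settings a reviewer would flag. The field names are the ones Docker emits; the container names, their sample values and the set of capabilities treated as risky are assumptions made for the example.

```python
"""Audit the security properties of Docker containers from `docker inspect` output.

Added example. The JSON below is a constructed sample mimicking `docker inspect`
records; only the field names are real, the values are invented for illustration.
"""
import json

# Constructed sample: one reasonably confined container and one that is not.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "a1",
        "Name": "/web",
        "AppArmorProfile": "docker-default",
        "HostConfig": {
            "Privileged": False,
            "SecurityOpt": None,
            "CapAdd": None,
            "CapDrop": ["ALL"],
            "Binds": ["/srv/web:/usr/share/nginx/html:ro"],
            "NetworkMode": "bridge",
            "PidMode": "",
            "ReadonlyRootfs": True,
        },
    },
    {
        "Id": "b2",
        "Name": "/ci-agent",
        "AppArmorProfile": "",
        "HostConfig": {
            "Privileged": True,
            "SecurityOpt": ["apparmor=unconfined"],
            "CapAdd": ["SYS_ADMIN"],
            "CapDrop": None,
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
            "NetworkMode": "host",
            "PidMode": "host",
            "ReadonlyRootfs": False,
        },
    },
])

# Assumed set of capabilities worth flagging when added to a container.
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN",
              "DAC_READ_SEARCH", "SYS_RAWIO"}
DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}
SENSITIVE_HOST_PREFIXES = ("/etc", "/root", "/proc", "/sys")


def audit_container(record):
    """Return a list of findings (strings) for one `docker inspect` record."""
    host = record.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged: every capability, all host devices, LSM confinement off")
    # Docker records the effective AppArmor profile at the top level; an empty
    # string means unconfined (or AppArmor not enabled on the host).
    sec_opts = host.get("SecurityOpt") or []
    if not record.get("AppArmorProfile") or "apparmor=unconfined" in sec_opts:
        findings.append("no AppArmor profile applied")
    # Both the old "label:disable" and the newer "label=disable" spellings occur.
    if any(opt.replace(":", "=") == "label=disable" for opt in sec_opts):
        findings.append("SELinux labeling disabled (label=disable)")
    for cap in host.get("CapAdd") or []:
        cap_name = cap.upper()
        if cap_name.startswith("CAP_"):
            cap_name = cap_name[4:]
        if cap_name in RISKY_CAPS:
            findings.append(f"adds capability {cap_name}")
    for bind in host.get("Binds") or []:
        src = bind.split(":")[0]
        if src in DOCKER_SOCKETS:
            findings.append("mounts the Docker socket: root-equivalent control of the host daemon")
        elif src == "/" or src.startswith(SENSITIVE_HOST_PREFIXES):
            findings.append(f"bind-mounts sensitive host path {src}")
    if host.get("NetworkMode") == "host":
        findings.append("NetworkMode=host: shares the host network stack instead of its own")
    if host.get("PidMode") == "host":
        findings.append("PidMode=host: sees and can signal host processes")
    return findings


def audit(inspect_json):
    """Map container name -> findings for every record in `docker inspect` output."""
    records = json.loads(inspect_json)
    return {r.get("Name") or r.get("Id"): audit_container(r) for r in records}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for finding in findings:
            print("  -", finding)
```

A container with no findings is not thereby secure; the script only covers the knobs the daemon records. The Docker-socket check is the one most worth keeping: a process that can talk to the daemon can start a privileged container of its own, which is the practical consequence of the daemon running as root that the CoreOS post complains about.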