Docker's oyster has security in the shell

Goodness isn’t it all about the containers these days?

Actually, scratch that, isn’t it all about the container security debate these days?

As recently explained here, a container packages an application together with its own dependencies, configuration files, libraries and the runtime it needs to execute, as a single unit that the container engine runs.

Containerizing, yes, it’s now a word


Containerizing an application means that the packaged application can be moved unchanged from one environment to another (from test to production, for example).

This process also means that the containerized application benefits from being abstracted away from its underlying infrastructure… but what are the security implications of that?


Docker now says it has additional security answers for the current issues with its open platform for distributed applications.

The firm this week announced new security enhancements designed to protect Dockerized distributed applications.

The announcement covers three things: what is claimed to be the first “hardware signing” of container images, content auditing of images through scanning and vulnerability detection, and more granular access control policies through user namespaces (so that root inside a container maps to an unprivileged user on the host).

Why is hardware signing the answer?

Signing of container images establishes who published the content and that it has not been altered since; scanning checks what that content actually contains. Together they address the trust and integrity of application content.

Both are universal considerations in the application lifecycle and are becoming a central focus for organisations running Dockerized distributed applications in production, which Docker says now account for 40 percent of all its deployments.

Combined with Docker’s existing security options, these capabilities are claimed to ensure that the publisher of an image is verified, that the chain of trust from publisher to deployment is protected, and that the image’s contents are checked by scanning. The caveat for practitioners is that signature verification only helps if the consumer enforces it when pulling: an unsigned image pulled with verification switched off gets none of this protection.

Solomon speaks

“It has been our goal from the beginning to develop a framework that secures Dockerized distributed applications throughout the entire application lifecycle,” said Solomon Hykes, CTO and chief architect of Docker.

“With this latest set of capabilities, we continue to drive our users and ecosystem forward with industry-first innovations and best practices that advance the end-to-end security of distributed applications. Furthermore, we’ve enabled developers and IT ops to benefit from a more secure environment, without having to learn a new set of commands or to be trained on a deep set of security principles. Docker security works as part of an integrated component without any disruption to developer productivity while providing IT with the appropriate level of security controls.”