This article focuses on container security by highlighting Docker container security risks and challenges as well as providing best practices for hardening your environment during the build and deploy phases and protecting your Docker containers during runtime. We have briefly covered host security in a previous blog article.
Securing Docker can be loosely categorized into two areas: securing and hardening the host so that a container breach doesn’t also lead to a host breach, and securing Docker containers. A single compromised Docker container can threaten all other containers as well as the underlying host, underscoring the importance of securing Docker. However, building apps using Docker containers also introduces new security challenges and risks. According to Gartner, by 2020, more than 50% of global organizations will be running containerized applications in production. Docker is by far the most dominant container runtime engine, with a 91% penetration according to our latest State of the Container and Kubernetes Security Report. Containerization has many benefits and as a result has seen wide adoption. Containers, along with orchestrators such as Kubernetes, have ushered in a new era of application development methodology, enabling microservices architectures as well as continuous development and delivery.