Containers started making a big splash in IT and dev operations starting in 2014. The benefits of flexibility and go-live times, among many others, are almost undeniable. But large enterprises considering using a container platform for development or IT operations should pause and consider security first.
Last year Datadog, an IT infrastructure monitoring company, surveyed 7,000 companies and found that Docker adoption was up fivefold from 2014 to 2015. If true, the adoption rate for using containers as opposed to virtual machines and hypervisors to run apps is rather unprecedented for enterprises large and small. The survey also found that two-thirds of companies that evaluate Docker end up adopting it.
Docker is a platform that allows IT sysadmins, software developers, engineers, or anyone needing to publish a piece of code or software, to compartmentalize apps along with their code libraries and executable files into what are called containers. Rather than use an entire OS instance like Windows to run one application on a virtual machine, container platforms like Docker can use far fewer resources: a single OS, with containers keeping processes separate from one another, which is far more efficient. Containers certainly have a large number of benefits for IT and dev ops, such as fewer virtual machines and OS instances to patch and update, fewer hardware boxes to house and maintain, rapid application deployment (really rapid, like seconds in most cases), easy version control, easy sharing, and so on. However, there is speculation from some that containerization — to use such a Franken-term — is not ready for large enterprise use.
Much of that speculation comes from both the previous security issues that plagued Docker’s early days, and the fact that it is such new technology that has not been hardened through widespread use.
Of course there are security issues
At RSA 2016 Securosis Contributing Analyst David Mortman led a session on security for Docker, and quoted Red Hat Engineer Dan Walsh as saying, “Containers don’t contain.” What he means is, because an application or piece of code lives in a container, it doesn’t mean the container is going to prevent leaks to other containers or the OS itself. In other words, there is nothing inherently secure about containers. In fact, Mortman said, Docker has openly admitted this fact in the past.
“If you talk to the Docker guys, they say ‘Of course there are security issues. This is beta code,’” Mortman said.
And that’s the underlying issue. The security problems range from the need for root privilege inside containers to run a process or app, to namespace issues with the Linux host. Docker’s own documentation highlights four core security issues that should be addressed when using the platform.
“From an application perspective,” Mortman said, “you have only what you need, which is great.” But, he added, the security concerns are that of really any operating system. Backing up data, reducing the attack surface, keeping access levels under control, are all still necessary.
During his talk, Mortman recommended using the Docker Security Benchmark tool available on GitHub. It’s a utility developers can run against a container that will check for dozens of known security issues. It’s based on the collaboration project Docker embarked on with the Center for Internet Security, which resulted in a 120-plus page benchmark for security best practices.
And outside of the 17 or so security bullet points that Mortman outlined in his talk, above all, he said container security should be treated just like Linux or OS security. One core piece of advice about Docker is exercising extreme care when using public containers. Docker Hub is like any open software platform, with publicly available images, scripts, apps, and utilities developers can find on GitHub and repurpose — more than 100,000 of them. And the Docker Hub registry does its best to ensure the validity of images by adding signatures and hashes of the image to make sure what is in the image’s manifest is actually what’s in the image.
But, Mortman cautioned, “Don’t trust them blindly. It’s not rocket science, but we all do it sometimes.” Developers should still check the hashes of any image pulled from a public source before using it in production.
Embrace the benefits, but with caution
If embracing the power of Docker, it’s a good idea to temper it with good container hygiene: not using root unless absolutely necessary (which it usually is not), preventing container leaks, and mounting only the volumes a container needs rather than extraneous host paths like /etc.
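As an added example (not from this post or from OpenDNS), the following Python script applies the hygiene points above to `docker inspect` output: it verifies the image's RepoDigests against a digest the operator has pinned, flags containers whose Config.User resolves to root, and flags bind mounts of sensitive host paths such as /etc. The image name, digests and inspect data are constructed sample values.

```python
"""Audit docker inspect data for pinned digest, non-root user and risky mounts.
In practice the two dicts come from json.loads(docker inspect output)[0];
here they are constructed samples so the script runs offline."""

# Digests an operator has reviewed and pinned (constructed placeholder values).
PINNED = {"example/web": "sha256:" + "a" * 64}
# Host paths that should not be bind-mounted into an ordinary app container.
SENSITIVE_HOST_PATHS = ("/etc", "/proc", "/sys", "/var/run/docker.sock")

# Constructed sample of `docker inspect <image>` (only the field we need).
SAMPLE_IMAGE = {"RepoDigests": ["example/web@sha256:" + "a" * 64]}
# Constructed sample of `docker inspect <container>`: runs as root, mounts /etc.
SAMPLE_CONTAINER = {
    "Config": {"User": ""},
    "Mounts": [
        {"Type": "bind", "Source": "/etc", "Destination": "/host-etc"},
        {"Type": "volume", "Source": "appdata", "Destination": "/data"},
    ],
}

def check_digest(image_info, repo):
    """True when a RepoDigests entry for `repo` matches the pinned digest."""
    expected = PINNED.get(repo)
    if expected is None:
        return False  # unpinned repos are never trusted
    for entry in image_info.get("RepoDigests", []):
        name, _, digest = entry.partition("@")
        if name == repo and digest == expected:
            return True
    return False

def runs_as_root(container_info):
    """Docker runs as root when Config.User is empty, 'root' or uid 0."""
    user = (container_info.get("Config", {}).get("User") or "").strip()
    return user.split(":")[0] in ("", "root", "0")

def sensitive_mounts(container_info):
    """Host sources of bind mounts that are, or sit under, a sensitive path."""
    bad = []
    for m in container_info.get("Mounts", []):
        src = m.get("Source", "")
        if m.get("Type") == "bind" and any(
                src == p or src.startswith(p + "/") for p in SENSITIVE_HOST_PATHS):
            bad.append(src)
    return bad

def audit(image_info, container_info, repo):
    """Return the list of hygiene findings (empty list means clean)."""
    findings = []
    if not check_digest(image_info, repo):
        findings.append("image digest does not match the pinned digest for " + repo)
    if runs_as_root(container_info):
        findings.append("container process runs as root")
    for src in sensitive_mounts(container_info):
        findings.append("sensitive host path bind-mounted: " + src)
    return findings
```

Running `audit(SAMPLE_IMAGE, SAMPLE_CONTAINER, "example/web")` reports the root user and the /etc mount but accepts the digest, since it matches the pinned value.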
OpenDNS Security Engineer Chris Dorros says using a container hosting platform can help ensure the hygiene required for large enterprises. “Having a platform for developers where they can host their containers as a service can help centralize security controls and greatly reduce mistakes,” he said in an e-mail interview. “At OpenDNS we use a homegrown system called Quadra, but there are others like Kubernetes.”
For more on Quadra and how OpenDNS uses Docker, see the previous posts from the OpenDNS engineering team.