While interest in containers has grown significantly in the last two years, it’s important to remember that containers as a technology concept have been around for many years. In Linux, there is LXC (Linux Containers); in Solaris Unix, there are Zones; and in FreeBSD, there is the concept of Jails. During my panel, a member of the audience wanted to know what’s new with container security, given that containers as a technology construct are not new.
The answer I gave is the same that I gave a decade ago, when VMware’s momentum was growing and people reminded me that IBM had been doing virtualization for 50 years. The answer was that applications are the difference, as is increased production deployment at scale in distributed systems. Additionally, though the attack surface of containers and the applications that run in them is not new, those who are deploying containers might be new to security best practices that have already been learned in the industry.
While the basic ideas behind securing containers are now in place, it’s likely that there are some ideas and concepts that have yet to emerge. What never ceases to amaze me is how emphasis and effort from the security research community expose vulnerabilities in nearly all classes of software and infrastructure. No doubt, as container deployments grow, security researchers will turn their attention to the technology and new vulnerabilities will be discovered.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.