‘Secure by Default’: Docker’s Container Security Messaging
Containers are not only “secure by default.” They’re more secure than virtual machines. This, at least, is the thesis that Docker is pushing as container technology matures. Is it accurate?
For the first few years following Docker’s release in 2013, the company did not have a strong message about security. It instead was focused on building out its container platform.
This makes sense. Most young open-source projects (and closed-source ones, too, for that matter) tend not to make security a priority when core features are still being developed.
Docker’s New Security Mantra
Fast forward to the present, however, and Docker’s new mantra is “secure by default.”
Docker started pushing this messaging in 2016. It continues to advance it today when describing, for example, container solutions in the cloud. Docker wants users to see cloud-based container environments as not just an easier way to run containers, but a more secure one, too.
In addition to the “secure by default” talking point, Docker also argues that software running inside containers is “safer” than other types of infrastructure technologies, like virtual machines.
Assessing Docker Security
Is Docker secure by default? The answer depends on how you define the words, of course. Docker is “secure by default” in the sense that the Docker platform is designed with security in mind, Docker fixes known security vulnerabilities quickly and there are no gaping security holes in Docker out-of-the-box.
That said, there is always more that Docker users can do to secure containers—and an expanding list of vendors is now offering security add-ons tailored to Docker.
To make my point clearer, here’s a metaphor: I could say that my house is secure by default because I lock the doors at night and don’t let my mail pile up outside to attract burglars when I go on vacation. In other words, I do the basic minimum required to make my house secure. But I could do more; I could install a security system, for example. Going further than that, I could hire a personal armed guard to watch my house all night. But that’s probably overkill. (My neighborhood is not that bad.)
Docker is secure by default in the same way. A default Docker environment meets basic security requirements, even though it could be secured further. Up to a point, extra Docker security tools are worth it; beyond that point, they become overkill.
Is Docker Safer?
As for whether Docker is more secure than other types of infrastructure, that depends on how you choose to think about what security means, too.
However, I’m a bit skeptical about this idea. Docker is certainly designed for strict isolation between containerized processes and the host. But the isolation is not as deep as it is between a virtual machine and a host operating system. Virtual machine privilege escalation attacks are virtually unheard of. The same is not true of privilege escalation on Docker containers.
You could argue that Docker is more secure than an application running directly on a bare-metal server. In that scenario, there are very few barriers to protect against privilege escalation and other security vulnerabilities that could arise within the application and allow attackers to take control of the host.
But when it comes to comparing Docker to virtual machines, it’s hard to make the case that Docker truly is more secure.
Overall, it’s perfectly fair to say that Docker today is safe, but safer is a stretch.