Containers and microservices from vendors like Docker and CoreOS offer innovative solutions for running apps and storing data in the cloud without the overhead of traditional virtualization. But they also present special challenges when it comes to security and protecting the data inside containers. Answers for container security are still emerging, but here's a look at what the ecosystem has produced so far.
Clair is a container security scanner that CoreOS introduced in March. It's basically a virus scanner for container images, which works by looking inside images for vulnerabilities. It can be run locally, but it's designed for integration into online container registries, where it can scan images automatically whenever they change. So far, it mainly supports Quay, CoreOS's own container repository platform.
Introduced last week, Docker Security Scanning is Docker's answer to CoreOS Clair. As the tool's name implies, it's also a security scanner for container images. And like Clair, it runs as part of container repositories, specifically those available through Docker Cloud and Docker Hub.
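As an added example (not code from the article, CoreOS or Docker) of what a registry hook can do once a scanner like Clair has indexed an image layer: a small policy gate that reads a Clair v1 style layer report (the response shape is an assumption; the sample report, digest and CVE ids are constructed placeholders) and decides whether the push should be blocked, so that scan findings drive a decision rather than just a listing.

```python
import json

# Clair's severity scale, lowest to highest (Clair v1 naming).
SEVERITY_ORDER = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"]

# Constructed sample, shaped like a Clair v1 GET /v1/layers/<name>?vulnerabilities
# response (assumption); the digest and CVE ids are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({"Layer": {
    "Name": "sha256:constructed-layer-digest",
    "NamespaceName": "debian:8",
    "Features": [
        {"Name": "openssl", "Version": "1.0.1k-3", "Vulnerabilities": [
            {"Name": "CVE-0000-0001", "Severity": "High", "FixedBy": "1.0.1k-4"}]},
        {"Name": "libc6", "Version": "2.19-18", "Vulnerabilities": [
            {"Name": "CVE-0000-0002", "Severity": "Medium", "FixedBy": ""}]},
        {"Name": "bash", "Version": "4.3-11", "Vulnerabilities": []},
    ]}})


def findings(report_json):
    """Flatten a layer report into (package, version, vuln, severity, fixed_by) tuples."""
    layer = json.loads(report_json).get("Layer", {})
    out = []
    for feat in layer.get("Features", []):
        for vuln in feat.get("Vulnerabilities", []):
            out.append((feat["Name"], feat.get("Version", ""), vuln["Name"],
                        vuln.get("Severity", "Unknown"), vuln.get("FixedBy", "")))
    return out


def evaluate(report_json, block_at="High", require_fix=True):
    """Return (allowed, blocking_findings) for a registry push.

    A finding blocks when its severity is at or above block_at; with require_fix
    set, only findings that have a fixed version block, so every block is actionable.
    """
    threshold = SEVERITY_ORDER.index(block_at)
    blocking = []
    for pkg, ver, vuln, sev, fixed_by in findings(report_json):
        rank = SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else 0
        if rank >= threshold and (fixed_by or not require_fix):
            blocking.append((pkg, ver, vuln, sev, fixed_by))
    return (not blocking, blocking)


if __name__ == "__main__":
    allowed, blockers = evaluate(SAMPLE_REPORT)
    for pkg, ver, vuln, sev, fixed_by in blockers:
        print(f"BLOCK {pkg} {ver}: {vuln} ({sev}), fixed in {fixed_by}")
    raise SystemExit(0 if allowed else 1)
```

Run as a script it exits non-zero when the sample layer should be blocked, which is the signal a registry or CI pipeline would act on after an automatic rescan.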
Intel is working on hardware-level container security solutions as part of a technology called Clear Containers. The platform remains under development and few specific technical details have emerged regarding how it works. But it seems a safe bet that, as with traditional virtualization, hardware-level optimizations will become an important part of the container world as containers mature.
An Israeli startup named Scalock is working on a container security platform that allows admins to define security policies, then checks containers for compliance. The trick here is to deliver these security checks without undercutting container performance too severely. We have it on good authority that Scalock will be making an important announcement about the availability of its platform soon.
Twistlock recently unveiled a security tool for containers called Runtime. The company, whose founders are pictured here, says Runtime creates a "DNA" profile for each container, which it then checks against known security vulnerabilities. Twistlock Runtime is very new, but it's notable as one of the first container security solutions from a third-party vendor (i.e., not Docker or CoreOS) to reach general availability.
Runtime is part of Twistlock's Container Security Suite, which the company began debuting last fall.