Linux containers are the service delivery mechanism of choice for many of the world’s top web companies, including Google, which employs the technology to serve up billions of application instances each and every week. But the paradigm is still a long way from becoming viable for the traditional enterprise, says a new Gartner report.

The problem lies not so much with concept but implementation. The search giant and most of the other global names in the hyperscale category tend to keep a tight lid on the internally-developed technologies powering their services, including the service delivery component, which leaves the average organization with only one feasible choice for a container engine: Docker.

The project has come a long way since launching in 2013 as a means for developers to easily scale their code in the cloud, but that remains its primary application nearly two years later. Gartner blames the limited usefulness of the technology on a combination of factors, starting with security – or rather, the lack thereof.

Docker includes a verification mechanism that ensures that code downloaded from official sources has not been modified, and future versions will expand that capability with more advanced controls such as public-key encryption. But other than that, the engine is entirely dependent on the host operating system for security.

That’s an issue because the security modules available on Linux don’t offer much in the way of protection against hackers other than to prevent containerized applications from accessing parts of the kernel they’re not supposed to. But that’s only assuming that the user manages to implement the isolation perfectly without overlooking any gaps. That’s not a practice multi-billion-dollar enterprises can depend on for security.

Accentuating the challenge is the fact that containers run directly on the host, which means there is only that thin – and historically frail – layer of access controls to defend against attackers. In comparison, breaching a conventional virtual machine requires subverting the operating system inside the targeted instance, breaking through the hypervisor and then finally bypassing the surrounding access controls.

VMware Inc. offers a workaround to its customers by giving them the ability to run Docker within virtual machines, but according to Gartner, that approach potentially diminishes the flexibility that comes with containers. Worse, it leaves the other factors keeping the project from the enterprise mainstream largely unaddressed.

The report also points to the limited management capabilities of Docker as one of its main sticking points, although the startup behind the project has been working to change that. Docker, Inc. recently introduced three new tools for deploying, configuring and running containers. Another area where the research firm sees room for improvement is the choice of mature third-party solutions available for the engine, which is small but growing.

Between its growing ecosystem and fast-evolving administrative functionality, Docker appears to be on the right course in its journey to the enterprise. The question is if the project will have what it takes to sustain that momentum once its more security-conscious competitors start gaining ground.

Photo credit: Roberto AI via photopin cc