UPDATED 01:25 EST / AUGUST 25 2016

Industry analysts highlight Docker’s superior security credentials

Security considerations are a significant barrier to adoption for just about every new technology that bursts onto the scene, and Docker containers are no exception. However, two organizations are now claiming that security should in fact be a driver of container adoption.

Cybersecurity firm NCC Group and technology analyst Gartner Inc. recently published research that shows containerized apps are more secure than traditional, non-containerized apps.

Nathan McCauley, director of security at Docker Inc., told eWeek that Gartner is now communicating this advice to its enterprise users.

“It is significant in combination with the NCC Group report, which recognizes Docker’s leadership in the area of container security,” he said.

Gartner claims in its research that an application deployed in a container is more secure than the same app would be when running on a bare-metal operating system. The thrust of Gartner’s argument is that applications and users are “isolated on a per-container basis,” which means they cannot compromise the host operating system or other containers.

NCC Group added in its own report that containers, “from a security perspective, create a method to reduce attack surfaces and isolate applications to only the required components, interfaces, libraries and network connections.”

Docker’s McCauley also penned a blog post supporting the claims, pointing out some of the key security features that Docker containers enable, and how these compare with other container formats. One of the most important of these features is Docker’s “seccomp filtering” technology, which was added to Docker version 1.10 in February. Seccomp is integrated with the Linux kernel and provides granular security controls, McCauley said.

McCauley also pointed to features made available in Docker 1.12 (released in July), such as a built-in certificate authority, mutual Transport Layer Security (TLS) authentication, authorization between nodes and, most important, cryptographic node identities.

“In particular, cryptographic node identities are one of the fundamental building blocks that will enable future security features,” McCauley told eWeek.

However, this array of security features doesn’t mean Docker containers are automatically secure. In order to properly secure an environment, users need to follow the established best practices for configuration, which is precisely why Docker released its Docker Bench tool last year.

“We are updating Docker Bench to take advantage of the new orchestration features that shipped in 1.12 and continue to update our sysbench release for every benchmark that comes out,” McCauley said.
