The slow walk toward Docker security
By Tim Clark
October 7, 2015
Docker users on Amazon Web Services can now have their containers monitored for security with the new Threat Stack Pro Edition, a security monitoring solution from Threat Stack. Threat Stack’s existing security elements and new support for Docker will provide Docker users with the context they need when containers act abnormally, signaling a potential security incident.
Threat Stack, which focuses its security solutions on AWS, has found its earliest adopters in the health-care industry, where patient privacy issues embodied in the HIPAA regulations are driving security initiatives. Docker containers prove handy for protecting each patient record individually, and Threat Stack Pro can “see” inside containers by monitoring their behavior. Regulatory compliance is driving these health-care customers’ adoption.
Threat Stack Pro Edition intelligently monitors AWS workloads continuously for changes in user, process and file behavior, and it recognizes when activities deviate from the norm. This provides an early warning against threats so a security team can investigate, verify and take action before a security event escalates.
Threat Stack positions itself as “workload security,” a different focus for Docker security than that of other companies eyeing the Docker security market: Illumio, CloudPassage, Twistlock, FlawCheck-Apcera, Conjur-Jenkins and Docker itself.
So far, Docker security announcements fall broadly into two categories. First, security frameworks, whether existing or new and Docker-specific, that address multiple security technologies and add support for Docker containers (CloudPassage, Apcera, Threat Stack). Second, new companies creating components to guard Docker containers (Twistlock, Docker, FlawCheck). These Docker-specific components may ultimately get rolled up into the broader security platforms.
To date, bilateral integrations of Docker security services have emerged, but in a fairly limited way. Why not more? “We haven’t seen them yet because our customers aren’t there yet,” Venkat Pothamsetty, Threat Stack’s vice president of products, told Focus on Docker.
This customer indifference will change as Docker containers become more mainstream, we believe. Docker security elements are likely to start as standalone services and then become integrated into broader security suites over the next 12-24 months. Longer term, Docker security will move into security platforms, treated not as Docker-only technologies but as another element of enterprise security, an add-on feature to broad security suites.
And when customers seeking Docker security demand broad security platforms, Docker moves closer to a mainstream technology.