John Katsaros May 16th
Last week Docker introduced its latest installment of its security strategy – the second security announcement from Docker. This one added vulnerability detection to a Docker environment. The only thing that was missing was the ecosystem. Docker doesn’t seem to have moved its ecosystem partners onto the Docker security platform. Security isn’t a single vendor problem.vendor solving the problem. Security solutions will most likely be multi-vendor because enterprises are large organizations and security has many different facets. Enterprise security solutions are, by their very nature, complicated – and multi-vendor – many vendors integrating their solutions onto a common platform.
Last November Docker announced new security enhancements to safeguard and protect Dockerized distributed applications, while preserving developer agility. Unveiled at DockerCon EU, this comprehensive security offering included the industry’s first hardware signing of container images. That solution was primarily a way to encrypt containers. The recent announcement adds another layer of security on top – Docker’s new container-optimized security service designed to enable granular auditing, vulnerability assessment and ongoing compliance for Docker users. While this is a good move for Docker in that it helps establish a way in real time a way to secure a solution while providing a potential revenue stream for Docker Inc.
So Part A was container encryption, Part B is container scanning. What’s missing is the inclusion of the Docker eco-system in the overall Docker infrastructure. This security services introduction could have been more inclusive by having eco-system partners co-launching products and services that supported the new Docker security service.