If you’re reading this site regularly, you’d probably agree that containers are starting to change the way we perceive the application stack. However, major questions still linger around container security.
At least one company cognizant of this issue is Intel, which earlier this year launched Clear Containers, a technology designed to mix the security benefits of full virtual machines (VMs) with the deployment ease of containers. The version 0.8 release of CoreOS’s rkt container runtime (which everyone calls “Rocket”) incorporates Clear Containers to provide hardware-assisted security.
Where VMs inherently provide good isolation — as the attack surface on hypervisors is really small — containers still rely on borrowed security. They depend on the underlying technologies on which they are built and, of course, on careful configuration by humans as well. You can see where the potential issues might be.