Security has, and continues to be, an impediment to container adoption. Whether containers are less or more secure than their virtual machine counterparts is a topic of continued debate.
Like any debate, there are merits to arguments on both sides with a bit of FUD interlaced. Many efforts have been undertaken within the container ecosystem to educate adopters and improve their comprehension of available tooling and security postures within platforms and offerings—be that in the form of static analysis (image scanning), runtime vulnerability detection, provenance (image signing), fine-grained authorization, cryptographic verification, etc.
The breadth of need for improved security capabilities has provided an opportunity for emerging start-ups to focus specifically on the container security space and others to dedicate their company's mission to securing the Internet. Having spent time with most of the vendors in this space, I'll say that as you might expect, it's a quickly changing landscape. One thing is evident: open source communities and vendors at every layer—from hardware through operating system, container runtime, container image, host-to-cluster orchestrator, PaaS to CaaS—have significantly marshalled forward security-centered improvements in the past year.
To read this article in full or to leave a comment, please click here