Containers are more secure than apps running on a bare OS, and organisations that like not being hacked therefore need to seriously consider a move, according to analyst firm Gartner.
Analyst Joerg Fritsch, in a new document titled “How to Secure Docker Containers in Operation”, says “Gartner asserts that applications deployed in containers are more secure than applications deployed on the bare OS” because, even if a container is cracked, “they greatly limit the damage of a successful compromise because applications and users are isolated on a per-container basis so that they cannot compromise other containers or the host OS”.
Which is not to say that containers are perfect: the paper acknowledges that they possess “… innate security properties that make them vulnerable to kernel privilege escalation attacks” and are therefore “not the right tool for high-risk-assurance isolation.”
The paper nonetheless advocates that organisations “Benefit from the security of Linux containers by using a ‘container first’ approach” and “Deploy internet-exposed applications in Docker containers with best-practice security whether or not you do CI/CD/DevOps.”
Read more at The Register