
Open Container Project: Does it improve container security?

The Open Container Project is creating a standard container image format and runtime engine. Expert Dan Sullivan explains how it can improve container security.

I read about how Docker and CoreOS recently teamed up on a new Linux Foundation effort called the Open Container Project. What is the Open Container Project, and how will open standards improve the security of software containers?

The Open Container Project, also known as the Open Container Initiative, is a tightly focused effort to create a standard container image format and runtime engine. The project is organized under the auspices of the Linux Foundation. Although Docker is practically a de facto standard, an alternative from Linux software provider CoreOS, called rkt, was different enough from Docker to introduce the potential for fragmentation in the container industry.

It is hard to envision software developers gaining a competitive advantage by having fragmentation at a key level of the software stack; in fact, it is more likely to stunt development and introduce unnecessary cross-platform issues. Major software and services vendors -- including Google, Red Hat, Oracle, SUSE and VMware -- joined Docker, CoreOS and the Linux Foundation to establish the Open Container Project.

One of the driving goals of the project is to develop a secure container standard. This includes protecting the isolation of processes and resources within a container. The standard will also include support for strong cryptographic primitives, application identity services and image auditing features.

The members of the project plan to create a minimalist standard that helps ensure container security without addressing supporting tools, such as launching cloud servers or running clusters. CoreOS was motivated to build rkt in part because the scope of the Docker project expanded beyond the initial focus of a container standard. There was also concern about the need to run Docker primarily as root.

The ability to build secure container images will help improve security indirectly as well. For example, a team can justify a significant time investment to harden an application image if it will be used repeatedly. Containers lend themselves to automated deployment, which can help reduce the risk of mistakes that can occur with manual deployments. Also, automation scripts can be reviewed to ensure proper security controls are deployed along with containers. These benefits would exist if there were multiple container standards, but would require additional effort and resources to maintain.
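
To make the point about reviewable automation concrete, here is an added example (not code from this article or from the project) of a review script that checks a container's runtime configuration for the isolation and root-user concerns raised above. It assumes the `config.json` layout of the OCI runtime specification; the sample configuration and the review policy (required namespaces, risky capabilities) are constructed for illustration.

```python
import json

# Constructed sample in the shape of an OCI runtime-spec config.json (not from the article).
SAMPLE_CONFIG = json.loads("""
{
  "ociVersion": "1.0.2",
  "process": {
    "user": {"uid": 0, "gid": 0},
    "noNewPrivileges": false,
    "capabilities": {"bounding": ["CAP_SYS_ADMIN", "CAP_NET_BIND_SERVICE"]}
  },
  "root": {"path": "rootfs", "readonly": false},
  "linux": {"namespaces": [{"type": "pid"}, {"type": "mount"}, {"type": "ipc"}]}
}
""")

# Assumed review policy for this example; adjust to local requirements.
REQUIRED_NAMESPACES = {"pid", "mount", "ipc", "uts", "network"}
RISKY_CAPABILITIES = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE"}


def audit_runtime_config(config):
    """Return a list of findings for one parsed config.json."""
    findings = []
    process = config.get("process", {})
    if process.get("user", {}).get("uid", 0) == 0:
        findings.append("process runs as uid 0")
    if not process.get("noNewPrivileges", False):
        findings.append("noNewPrivileges is not set")
    if not config.get("root", {}).get("readonly", False):
        findings.append("root filesystem is writable")

    # Capabilities are listed per set (bounding, effective, ...); review the union.
    caps = set()
    for cap_set in process.get("capabilities", {}).values():
        caps.update(cap_set)
    for cap in sorted(caps & RISKY_CAPABILITIES):
        findings.append(f"risky capability granted: {cap}")

    namespaces = {ns.get("type") for ns in config.get("linux", {}).get("namespaces", [])}
    for ns in sorted(REQUIRED_NAMESPACES - namespaces):
        findings.append(f"missing namespace: {ns}")
    # Without a user namespace, uid 0 in the container is uid 0 on the host.
    if "user" not in namespaces:
        findings.append("no user namespace")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_runtime_config(SAMPLE_CONFIG)))
```

Because the configuration format is shared, the same check applies to any runtime that consumes it, which is the maintenance saving a single standard offers over several.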


This was last published in October 2015


Join the conversation

3 comments


Do you think the Open Container Project can improve container security?
I think that it can help improve container security. Addressing the issue of fragmentation should itself go a long way towards limiting vulnerabilities exposed by working with different standards. Still, security is a complex issue, and security is bound to benefit by having companies like Google, RedHat and Oracle contribute differing perspectives.
It’s good to see that key players within the industry are taking steps to prevent fragmentation before it becomes a major problem.