CoreOS Adopts Security-Centric Approach to Containers

What’s the big difference between CoreOS and Docker? The belief that the greatest dividends to be reaped from containers is security. That, at least, was the message from CoreOS CEO Alex Polvi in a recent talk about the company’s vision.

Speaking at Container World last month, Polvi explained that the biggest challenge that CoreOS thinks it can solve is poor security on the Internet. The reasoning goes like this: Security is bad because software is hard to update. Software is hard to update because updates are difficult to apply. Updates are difficult to apply because infrastructure is big and unwieldy — meaning that applying software updates could lead to unexpected problems.

So the solution to all of the Internet’s security woes, as CoreOS sees it, is simple: Make infrastructure more flexible and resilient so you can update it more effectively. Then watch security challenges disappear.

Containers, of course, are the key to improving infrastructure. They can deliver what Polvi called “Google Infrastructure for Everyone,” or GIFEE. They let anyone have a distributed computing framework with hyper-availability and automatic failover.

And, of course, CoreOS promises to enable this Google-like infrastructure without requiring Google-like capital investments.

Differentiating CoreOS

Polvi’s speech was notable because it summarized, perhaps better than anything else the company has done to date, how CoreOS sees itself contributing to the enterprise market. As of now, the company’s rkt container platform is still relatively new. The CoreOS ecosystem remains incomplete. It’s not completely clear how CoreOS plans to compete in the long term against the likes of Docker, which has a more mature software platform.

But the company’s focus on security adds some clarity. If CoreOS can position itself as the secure container vendor — something it started to do last fall by releasing the Clair security scanning tool — it stands to gain a key advantage vis-à-vis Docker.

That’s especially true because security has been something of a thorn in Docker’s side since its origins. As Nuage Networks put it plainly in 2015, for instance, “Docker Containers Need Security!”

To be sure, the Docker security scene has improved over the past year. Whether Docker actually still underperforms from a security perspective is debatable. But that doesn’t erase the perception, which is already established within the ecosystem, that Docker suffers from poor security.

The never-ending stream of headlines about data breaches at major businesses makes the time ripe for a security-focused pitch, too. Whether for compliance reasons or just to avoid embarrassing leaks of customer data, companies are now more primed than ever to want to invest in more secure infrastructure.

Against this backdrop, CoreOS can build an opening for itself by pitching its containers as the ones that will assure the security of the Internet. That’s exactly what Polvi’s message at Container World seemed to be — and we can expect it to remain at the core of the CoreOS value proposition as the company moves forward.

Christopher Tozzi

Christopher Tozzi has covered technology and business news for nearly a decade, specializing in open source, containers, big data, networking and security. He is currently Senior Editor and DevOps Analyst with Fixate.io and Sweetcode.io.

Christopher Tozzi has 254 posts and counting. See all posts by Christopher Tozzi