August 16, 2017

Aqua Container Security Platform launched recently as the latest entry into the container scene, promising enterprise-ready security and compliance for container environments.

General availability of the new platform was announced May 18 by Aqua, an Israeli company formerly known as Scalock. The Aqua/Scalock tool had been available since 2015 as a private beta and was used by “more than a dozen enterprise customers,” according to the company.

The Aqua team also released a security scanner, Peekr, to the public back in February.

The fact is not lost on Aqua that other container companies have made strides in the security space while the Aqua platform was in beta. In particular, CoreOS and Docker both debuted their own security scanners—named Clair and Docker Security Scanning, respectively—earlier this spring.

But Aqua CEO Dror Davidoff thinks the industry demands more if companies are to adopt containers seriously. “We’ve seen Docker, CoreOS and other vendors in the ecosystems make meaningful strides to improve the security stance of containerized applications,” he wrote on the company’s blog. “Does that still leave room for a dedicated security platform for containers? The answer we got from our customers, our partners and industry analysts that we briefed was a resounding ‘yes, plenty.'”

To that end, Aqua is pitching its software as “the industry’s most comprehensive solution for securing containerized environments.” It emphasizes that the platform does more than just scan images; it also provides run-time protection, access control and auditing. And it integrates with major continuous integration/continuous delivery platforms, according to the company.

Features vs. Openness

From an ecosystem perspective, the Aqua release is important because Aqua is indeed one of the first vendors to offer what it describes as a complete container security solution, which touches all the bases. From a features standpoint, Aqua certainly beats the Docker and CoreOS tools.

It might matter to some customers, too, that Aqua supports on-premise deployments. Clair and Docker Security Scanning are designed primarily to run as part of the container registry services hosted by those companies. They’re less useful if you don’t use a container registry from CoreOS, Docker or one of their partners.

On the other hand, Aqua’s solution is not open source and it currently supports only Docker and Windows containers (which, to be sure, are the only containers that really matter right now for commercial purposes, but they’re still not the entire picture). That means the company is likely to face skepticism from organizations that want a more open, pure-play approach. For that crowd, the tools from Docker and CoreOS, which integrate more openly into the ecosystem, will prove more attractive.

But it’s not as if customers currently have a lot of room to nitpick about openness. If they need an all-around container security solution now, Aqua is one of the only games in town.

Christopher Tozzi

Christopher Tozzi has covered technology and business news for nearly a decade, specializing in open source, containers, big data, networking and security. He is currently Senior Editor and DevOps Analyst with Fixate.io and Sweetcode.io.