2016 was a big year for the virtual container space, and 2017 looks even more promising. The industry saw tremendous growth and continues to evolve at a rapid pace. Containers are still relatively new and present security challenges, but the past year has seen much progress in addressing them. As 2016 comes to a close, let's reminisce on the most important milestones in the container market, more or less in chronological order:
1. The Release of Docker 1.10
In early February, Docker released Docker 1.10 together with a new Compose version, which made it easier to define and run complex distributed apps, setting up multiple network tiers and complex storage configurations. It offered user namespaces for isolating system users, seccomp profiles for filtering system calls and an authorization plugin architecture for restricting access to Docker features, making it a big release for security.
2. CNCF Adopts Kubernetes as a Standard Cloud-Native Technology
In March, the Cloud Native Computing Foundation adopted Kubernetes, an open-source system for automating the deployment, scaling and management of containerized applications. This marks an opportunity to support the emergence of standard interfaces and a fully automated software world.
3. The Release of Docker 1.12
In June, Docker released Docker 1.12 with several updates, the most notable being the addition of Swarm to the open-source Docker Engine, adding built-in orchestration capabilities. While useful to many users, this move stirred huge controversy and even talk of forking the project. Especially among those who use Kubernetes or Mesos, the objection was that the Docker code base was made more complex with features they don't necessarily need. I sense this issue is "to be continued."
4. Vine’s Docker Registry is ‘Hacked’
In July, a security researcher who uses the online pseudonym 'avicoder' discovered Vine's source code after accessing Vine's Docker registry, which had basically been left wide open due to the lack of proper configuration. Despite being a large, tech-savvy company, Vine's platform was at serious risk because basic security practices were neglected. The exposure had nothing to do with vulnerabilities in Docker itself, but it is nonetheless characteristic of the mistakes companies make when adopting new technologies without reading the manual.
5. Docker Hub Hits 5 Billion Pulls
In August, Docker hit a major milestone as Docker Hub reached 5 billion pulls. This shows tremendous growth, as Docker had only hit 2 billion pulls in February, a big accomplishment at the time. Such growth indicates that the software development industry is recognizing the challenges ahead. As companies are required to pack many more applications into a single physical server, creating a container-based cloud data center is becoming imperative for many software-as-a-service (SaaS) providers.
6. Windows Launches Server 2016 with Built-In Docker Support
In early September, Windows Server 2016 launched, allowing users to run Docker containers on Windows Server. This was a big move, making containerized software development available beyond Linux and open-source servers. Now Windows developers can also rapidly build, test and deploy containerized applications.
7. Mesosphere Releases Its Own Container Engine
In late September, Mesosphere released DC/OS 1.8, which included the DC/OS Universal Container Runtime. This important addition allows DC/OS users to deploy Docker images without depending on the Docker daemon. As a result, DC/OS users have a new container runtime option that could be better suited to their needs. Was this a direct response to Docker 1.12? Possibly.
8. Container Ecosystem Gets Serious Funding
The buzz around containers has been soaring for the last two years, with 31 percent of developers saying that they used Docker or containers in 2015. Investors have noticed this trend, and big companies have been jumping on the bandwagon as well. Thus, throughout 2016, several companies in our ecosystem received funding, including us: at the end of September, Aqua Security announced $9 million in Series A funding led by Microsoft Ventures.
9. Dirty COW Vulnerability Dumps on Containers
By November, word had spread about the "Dirty COW" (copy-on-write) Linux kernel vulnerability, forcing a wave of patches across the Linux community. By exploiting this vulnerability, remote attackers can elevate privileges and write to read-only memory, and this can also be done from within a container. We wrote about the impact on container security in our blog, where we shared our recommendations for mitigation.
10. 2017: More Is Sure to Be Revealed
Reflecting on 2016, it was an exciting year in the virtual container community. However, we realize we have many challenges ahead of us. As virtual containers continue to evolve and are deployed in larger production environments, we uncover new security concerns and unique challenges.
About the Author / Rani Osnat
Rani Osnat is the VP of Marketing for Aqua Security, responsible for the company's marketing activities worldwide. Rani spent a decade as VP of Marketing at innovative tech startups in the IT security and cloud arenas. Previously, Rani was a management consultant in the London office of Booz & Co, and also held product management and product marketing positions at the enterprise software company Enigma. He holds an MBA from INSEAD in Fontainebleau, France.