Stone Door Group

View Original

4 Myths About Docker

Containers and supporting digital transformation technologies that allow for continuous deployment of applications are the future of hybrid cloud computing. A report released by Gartner confirms that the adoption of container technology is multiplying: “By 2022, more than 70% of global organizations will be running more than two containerized applications in production.” IBM/Red Hat, Mirantis, AWS, VMWare, Azure, and Google now all have productized versions of Docker that enterprises can adopt. Despite the widespread adoption, there are still some myths about Docker and containerization that can lead to hesitancy in adoption of hybrid cloud solutions.  

Myth #1: Containers are Just Smaller VMs

This is one of the most common misconceptions about containers; you may have heard some people calling them “lightweight VMs.” Even though both technologies share some characteristics, there is a crucial difference, the underlying architecture.  

That architecture is fundamentally different. Containers share the underlying resources of the Docker host. With containers, applications (made of services) can be broken down into smaller components; additionally, your data doesn’t live there. Containers are stateless and immutable. VMs are designed with everything packed into a single binary, the application code, and stateful data. 

Myth #2: Containers Aren’t Secure

The belief that containers aren’t secure is based on the fact that containerized applications run within the same space as the host operating system. This leads to thinking that it would be easier to escalate privileges from inside of the container and then take control of other containers.

However, the design of containers does not make them insecure. Containers follow the principle of least privilege, and isolation is established by default to limit access to required resources. 

Myth #3: Docker is Cloud-Centric

Containers can run on internal networks and infrastructure. Orchestration technologies, like Docker Swarm and another popular choice, Kubernetes, can reduce the burden of maintenance, regardless of your physical hardware allocation. 

Docker Registry allows you to pull container images and build on them within your own network boundaries, offering you access to sensitive data that needs to be kept within your physical location. 

Myth #4: Compliance is Hard with Containers

It is, in fact, the opposite. Compliance is easy with containers because they use policies that enable you to architect an infrastructure that you can audit. These policies can be applied across clusters, scaling your auditing abilities. Containerization enables policy-based automation of access control rules (such as RBAC) that adhere to both industry and government regulations. 

Through the use of these policies, organizations can enforce the security of images. These images can be sourced from your private repository and regularly scanned for vulnerabilities. From here, applications can be promoted to production in a manner that aligns with the organization’s compliance policies.

Moving Forward

As you can see, the misconceptions or myths regarding Docker and containers cover multiple aspects of your organization. As IT organizations adopt containerized technology to drive hybrid cloud computing, more companies are discovering that their security has in fact, been improved.

About the Author

Amber Ernst is a Docker Certified Associate and Docker Accredited Instructor for Stone Door Group. Amber is a Docker and Kubernetes expert who currently teaches all courses in Mirantis’s official training catalog and is based in San Antonio, TX.

ABOUT STONE DOOR GROUP

Stone Door Group is a Hybrid Cloud and DevOps consulting company that delivers successful digital transformation projects in the private and public sectors. Stone Door Group is a team of leading experts in Hybrid Cloud and DevOps technologies. To speak with Amber and our team, send us an email at letsdothis@stonedoorgroup.com