The Year That Was (Almost) - 10 Milestones in The Container Ecosystem
2016 was a big year for the virtual container space, and 2017 looks even more promising. The industry saw tremendous growth and continues to evolve at a rapid pace. Containers, being still relatively new, present new challenges in security -- but this year has seen much progress in addressing those challenges.
As the year comes to a close, let’s look back on ten of the most important milestones in the container market during 2016, more or less in chronological order:
1. The Release of Docker 1.10
In early February of 2016, Docker released Docker 1.10. The new Compose version made it easier to define and run complex distributed apps, including setting up multiple network tiers and complex storage configurations. The release also offered user namespaces for isolating system users, seccomp profiles for filtering system calls, and an authorization plugin architecture for restricting access to Docker features, making it a big release for security.
2. CNCF Adopts Kubernetes as a Standard Cloud-Native Technology
In March of 2016, the Cloud Native Computing Foundation adopted Kubernetes – an open-source system for automating deployment, scaling, and management of containerized applications. This marked an opportunity to support the emergence of standard interfaces and a fully automated software world.
3. The Launch of Aqua Security
Not that we like to blow our own horn - but we must. In May of 2016, we rebranded and launched the container security company you now know as Aqua Security. The idea was to break away from the mold of IT security firms with names including “lock” and “shield” and move in a direction that better reflected the virtual container ecosystem and the new, fluid approach to container security. One that isn’t a showstopper but an enabler, and that flows with the containers as they move through their lifecycle stages. Since our launch, we've been hard at work making this vision a reality.
4. The Release of Docker 1.12
In June of 2016, Docker released Docker 1.12 with several updates – the most notable was the addition of Swarm to the open-source Docker Engine, adding built-in orchestration capabilities. While useful to many users, this move stirred up huge controversy and even talk of forking the project, especially among those who use Kubernetes or Mesos. Their objection was that the Docker code was made more complex with features they don’t necessarily need. I sense that this one is “to be continued”.
5. Vine’s Docker Registry is “Hacked”
In July of 2016, a security researcher who uses the online pseudonym ‘avicoder’ discovered Vine’s source code after accessing Vine’s Docker registry, which was basically left wide open due to the lack of proper configuration. Despite being a large, savvy tech company, Vine’s platform was at serious risk due to neglect of basic security practices. The exposure had nothing to do with vulnerabilities in Docker itself, but it is nonetheless characteristic of the mistakes companies make when adopting new technologies without reading the manual.
6. Docker Hub Hits 5 Billion Pulls
In August of 2016, Docker hit a major milestone as their service reached 5 billion pulls. This shows tremendous growth, as Docker had just hit 2 billion pulls in February of 2016 – a big accomplishment at the time. Such growth indicates that the software development industry is recognizing the challenges ahead. As companies are required to pack many more applications into a single physical server, creating a container-based cloud data center is becoming imperative to many SaaS providers.
7. Windows Launches Server 2016 with Docker Support Built-In
In early September of 2016, Windows launched Windows Server 2016 which allowed users to run Docker containers on Windows Server. This was a big move, making containerized software development available not just on Linux or open source servers. Now Windows developers can also rapidly build, test, and deploy “containerized” applications.
8. Mesosphere Releases Its Own Container Engine
In late September of 2016, Mesosphere released DC/OS 1.8, which included the DC/OS universal container runtime. This important addition allows DC/OS users to deploy Docker images without depending on the Docker daemon. As a result, DC/OS users have a new container format option that could be better suited for their needs. Was this a direct response to Docker 1.12? Possibly.
9. Container Ecosystem Gets Serious Funding
The buzz around containers has been soaring for the last two years, with 31% of developers saying that they’ve used Docker or containers in 2015. Investors have noticed this trend, and big companies have also been jumping on the bandwagon. Thus, throughout 2016, several companies in our ecosystem received funding. At the end of September, Aqua Security proudly announced $9 million in Series A funding led by Microsoft Ventures – only 11 months after seed funding.
10. Dirty COW Vulnerability Dumps on Containers
By November of 2016, word spread about the “Dirty COW” (Copy-On-Write) Linux kernel vulnerability, forcing a multitude of patches in the Linux community. In exploiting this vulnerability, remote attackers can elevate privileges and write to read-only memory, and this can also be done from within a container. We wrote about the impact on container security in our blog, where we shared our recommendations for mitigation.
Reflecting on 2016, it was an exciting year in the virtual container community. However, we realize we have many challenges ahead of us. As virtual containers continue to evolve and get deployed in larger production environments, we uncover new security concerns and unique challenges.
As mentioned earlier, Aqua ensures that security flows seamlessly with container functions. Request a demo and start the new year realizing the full potential of containers, safely and securely.