Docker Security – Top 10 tips


Best Docker Security Practices

Greetings from London at Cloud Expo!

I was thrilled to attend and be one of the speakers at Cloud Expo London 2016. My talk was about the security of containers and you may find it here.

I tried to draw a parallel between the latest architectural evolutions, such as virtualization and cloud, and their security implications. Each new technology brings new issues, and we need to adapt our security operations to cope with them.

Here they are: the 10 tips, grouped into 3 phases:

A. UNDERSTAND and PLAN your docker security

1. Audit your infrastructure regularly; test it the way you test your code

2. Keep it simple (KISS) -> containers are a good step towards simplification

3. Understand and test the attack surface of each technology

B. TEST and CORRECT: Operations

4. Run trusted (=tested) containers

5. Automate everything to avoid manual errors and reduce cost; use APIs, not agents

6. Perform vulnerability assessments often

7. Use tools that cope with bare metal, virtual, cloud and containers (legacy is not going to disappear)

8. Patch and remediate rapidly, or replace containers with updated versions

9. Monitor KPIs and risk, not logs and vulnerabilities -> actionable data

10. Keep the C-level informed; your budget for the next new technology depends on it

If you want further information on the subject, please look at the Elastic Security blog post, which dives into an implementation of these best practices:

Always glad to open the discussion about it, please leave a comment.

Sergio Loureiro, SecludIT

Sergio holds a Ph.D. in computer science from the ENST Paris and MSc and BSc degrees from the University of Porto (Portugal). He is the holder of 3 patents.
Sergio Loureiro is one of the co-authors of the Security Guidance for Cloud Computing published by the CSA in December 2009 (V2.1). The CSA is working with the ISO towards standards in the cloud security domain.
