Docker Security and Best Practices

 Appears first in http://blog.docker.com by By Diogo Mónica.

Nathan McCauley and I have been working on a bunch of things since joining Docker. One area that we noticed is lacking is in the availability of information around Docker architecture and best practices in securely configuring and deploying Dockerized applications. This knowledge exists across the vast community of Docker users but we realized that we just haven’t gotten around to writing it down and sharing with everyone else.


As part of that process, Jérôme Petazzoni and I joined representatives from VMware, Rakuten, Cognitive Scale and International Securities Exchange to collaborate with the Center for Internet Security on a benchmark for Docker Engine 1.6. The CIS Security Benchmarks program provides well-defined, unbiased and consensus-based industry best practices to help organizations assess and improve their security.   We believe that unbiased and community driven benchmarks like this are important in providing a set of best practices and recommendations to configure your linux host and the docker engine. Download the benchmark here:


Additionally we authored our first Docker white paper called “Introduction to Container Security.”   This paper explains how containers work and what that means for application isolation and operational security. It lays the foundation for understanding how the engine works under the hood.


This is just the beginning of our efforts to make information around Docker and security more readily available. Check out our security page to learn more and subscribe to our security announcements.