At the end of 2016, the tools available to secure Docker containers are mostly capable only of solving specific security challenges. Registry scanners like CoreOS Clair and Docker Security Scanning help to secure container images. Security-Enhanced Linux can harden the Docker daemon. Container-ready monitoring tools assist in identifying anomalies in running containers that could signal security problems.
None of these tools provide end-to-end container security for the entire container stack. Solutions that do that are rare.
But they are gaining steam. Aqua Security, which offers container security solutions designed for the entire stack, picked up $9 million in its first round of funding this fall. Around the same time, FlawCheck made headlines by becoming the first vendor focused on container security to be acquired by a larger security company.
These are signs that end-to-end container security solutions will become more widely available in 2017. And they will be built by independent vendors who focus specifically on container security, rather than being side-projects of companies like Docker and CoreOS that develop container technology themselves.
Containers stop being all about Docker
Today, when most people think of containers, they immediately think of Docker, the company that played the leading role in making Linux container technology attractive to enterprises.
But Docker is not the only company involved in container development. Nor is Docker the only container platform.
In 2017, expect container technologies other than Docker to become more important. These include LXD, a system container platform supported by Canonical that saw its first production release last spring. OpenVZ, a system container solution that has been around for years, may also gain more traction as organizations begin looking beyond Docker.
LXD and OpenVZ are not alternatives to Docker. They are complements to Docker containers. They are designed to containerize a complete operating system, inside which companies can then run Docker containers.
Battle lines harden within the ecosystem
Most container technologies are open source. As a result, they are all theoretically compatible.
Yet, as an increasing number of enterprise-ready container products appeared in 2016, it became clear that different vendors are now staking out competing claims to the container market.
In one corner of the arena is Docker. In summer 2016, the company baked its Swarm orchestrator into the core Docker platform. Since then, it has shown no signs of ceasing its effort to push a container software stack that relies solely on Docker technology rather than that of the company's competitors.
Meanwhile, Red Hat, CoreOS and other vendors have been building competing container stacks oriented around Kubernetes, a different container orchestrator. Last fall, Red Hat even introduced an Open Container Initiative Daemon that it says is Docker-compatible, but which marked a clear split from reliance on Docker standards. That move followed widespread discussion of a Docker "fork", which has not fully happened yet but still could.
In 2017, expect the container ecosystem to remain divided between the Docker and Red Hat/CoreOS halves.
Containers as a service explodes
Another likely bet for 2017 is a steep increase in adoption of containers as a service, or CaaS, platforms.
CaaS allows organizations to deploy containers without having to build the entire container software stack themselves. Instead, they can deploy a CaaS, which comes prebaked with everything required to run containers -- from a container runtime to an image registry to an orchestrator.
Some CaaS platforms, like Amazon's Elastic Cloud Compute Container Service and Azure Container Service, also come with infrastructure as part of the package. Other CaaS offerings, such as Rancher and OpenShift, can be run on premises or in a cloud-based virtual server.
Both types of CaaS options are poised to become increasingly important in 2017 as companies look for an easy way to implement container technologies without building everything themselves.
Docker talent becomes easier to find
One factor that limited enterprise adoption of containers during Docker's early years was a lack of admins and developers who were deeply familiar with containers.
Since few people were talking about Linux containers before Docker debuted in 2013, containers were not something most people had used before in school or their jobs.
But that has changed as Docker has become massively popular. Docker training courses are now readily available from Docker itself as well as other groups. Plus, more engineers can now boast container experience from having worked with Docker in their jobs.
The result is that companies will now have an easier time finding qualified engineers to design and manage production container technologies.