Browse Definitions :
Definition

secure container

A secure container is a lightweight, executable software package that has been isolated from other software or processes running on the same virtual or physical host. The purpose of containerization (also known as sandboxing) is to prevent intruders and malicious code from interacting with other applications and data in an unauthorized manner.

For example, in a mobile security context, a secure container might consist of a logical area of an employee's smartphone in which corporate applications and data are isolated from the owner's personal data and apps. This approach to using secure containers in mobile device management (MDM) is also known as dual persona.

Today, security and isolation concerns for containers are a top priority for industry vendors who have split their applications into services and microservices. Strategies for keeping containers secure include reducing the attack surfaces in container images, avoiding the use of public container images and implementing role-based access controls (RBAC) to limit privileges.

Container security strategies seek to limit what a container root user can do outside the container or the host on which the container runs. While most of the best-known techniques in container security restrict attackers' access to hosts and other back-end systems from compromised container instances, experts warn that prevention of unauthorized access to application programming interfaces (APIs) is critical, too.

The market for secure container tools is still emerging and selection and finding the right tool can be difficult, especially when large security and DevOps teams share responsibility for containerized applications. For example, the decision for whether to use Trend Micro or Twistlock may boil down to whether the customer prefers to have container security be a feature set of a more comprehensive security information and event management (SIEM) product or remain a dedicated product that is the sole focus of the security vendor's expertise.

This was last updated in February 2019

Continue Reading About secure container

SearchCompliance

  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

  • information governance

    Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and ...

  • enterprise document management (EDM)

    Enterprise document management (EDM) is a strategy for overseeing an organization's paper and electronic documents so they can be...

SearchSecurity

  • denial-of-service attack

    A denial-of-service (DoS) attack is a security event that occurs when an attacker makes it impossible for legitimate users to ...

  • information security (infosec)

    Information security, often shortened to infosec, is the practice, policies and principles to protect data and other kinds of ...

  • user authentication

    User authentication verifies the identity of a user attempting to gain access to a network or computing resource by authorizing a...

SearchHealthIT

SearchDisasterRecovery

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

SearchStorage

  • cloud storage

    Cloud storage is a service model in which data is transmitted and stored on remote storage systems, where it is maintained, ...

  • cloud testing

    Cloud testing is the process of using the cloud computing resources of a third-party service provider to test software ...

  • storage virtualization

    Storage virtualization is the pooling of physical storage from multiple storage devices into what appears to be a single storage ...

Close