Browse Definitions :
Definition

secure container

Lisa Phifer
By

A secure container is a lightweight, executable software package that has been isolated from other software or processes running on the same virtual or physical host. The purpose of containerization (also known as sandboxing) is to prevent intruders and malicious code from interacting with other applications and data in an unauthorized manner.

For example, in a mobile security context, a secure container might consist of a logical area of an employee's smartphone in which corporate applications and data are isolated from the owner's personal data and apps. This approach to using secure containers in mobile device management (MDM) is also known as dual persona.

Today, security and isolation concerns for containers are a top priority for industry vendors who have split their applications into services and microservices. Strategies for keeping containers secure include reducing the attack surfaces in container images, avoiding the use of public container images and implementing role-based access controls (RBAC) to limit privileges.

Container security strategies seek to limit what a container root user can do outside the container or the host on which the container runs. While most of the best-known techniques in container security restrict attackers' access to hosts and other back-end systems from compromised container instances, experts warn that prevention of unauthorized access to application programming interfaces (APIs) is critical, too.

The market for secure container tools is still emerging and selection and finding the right tool can be difficult, especially when large security and DevOps teams share responsibility for containerized applications. For example, the decision for whether to use Trend Micro or Twistlock may boil down to whether the customer prefers to have container security be a feature set of a more comprehensive security information and event management (SIEM) product or remain a dedicated product that is the sole focus of the security vendor's expertise.

This was last updated in February 2019

Continue Reading About secure container

SearchCompliance
  • OPSEC (operations security)

    OPSEC (operations security) is a security and risk management process and strategy that classifies information, then determines ...

  • smart contract

    A smart contract is a decentralized application that executes business logic in response to events.

  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

SearchSecurity
  • cyberterrorism

    According to the U.S. Federal Bureau of Investigation, cyberterrorism is any 'premeditated, politically motivated attack against ...

  • biometrics

    Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.

  • privileged access management (PAM)

    Privileged access management (PAM) is the combination of tools and technology used to secure, control and monitor access to an ...

SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • change control

    Change control is a systematic approach to managing all changes made to a product or system.

  • disaster recovery (DR)

    Disaster recovery (DR) is an organization's ability to respond to and recover from an event that affects business operations.

SearchStorage
  • PCIe SSD (PCIe solid-state drive)

    A PCIe SSD (PCIe solid-state drive) is a high-speed expansion card that attaches a computer to its peripherals.

  • VRAM (video RAM)

    VRAM (video RAM) refers to any type of random access memory (RAM) specifically used to store image data for a computer display.

  • virtual memory

    Virtual memory is a memory management technique where secondary memory can be used as if it were a part of the main memory.

Close