Docker Volume Data Security Query

Hi All,
I’m a Linux System Admin, new to Docker. Our education based business wants to look at containerising some of our applications (RHEL 6 based), primarily to make scale-out easier to achieve at busy times of year.

I have a specific question about data security when using Docker Volumes.

It seems to me from the reading a training that I’ve done recently that any docker volume can be mounted on any container on a particular docker host. So my question is, how do you ensure data security between different applications/services when you have containers providing different applications on the same docker host?

In other words what is to stop a volume containing data written by containers providing one application, from being accidentally or purposefully mounted and accessed within containers that are providing an unrelated application?

I understand the differences between containers and VMs, but it seems to me like it would be similar to letting one VM mount data from an unrelated VM running in the same VMWare environment, which I’m pretty sure would be very undesirable in most cases.

And what prevents docker admins (who may have no connection to or rights over the applications running in the containers) from accessing the data directly on the docker host?

I may be mis-understanding things so any help, advice or pointers would be gatefully received.

Thanks,
Brett