
What You Need to Know Before Investing in Containers

In this special guest feature, Ash Wilson, Strategic Engineering Specialist at CloudPassage, has put together a list of tips and actions for those looking to implement, or currently investing in, container technology. Ash Wilson is originally from Apison, Tennessee, and has been living in San Francisco since 2012. He has been a paid tech worker since March 2000, and a hobbyist long before that. He came to security via network engineering and systems administration. Ash spent the last five years in post-sales engineering and strategic engineering for security product companies and currently works for CloudPassage.

In recent years, container adoption at the enterprise level has increased exponentially thanks to containers’ ability to provide the fastest widely available application development and deployment to date. They look very similar to extremely lightweight virtual machines with lean system requirements. Containers are faster to launch, easier to deploy, and operate on shorter average lifespans. They’re also portable with a small footprint, so a server can support far more containers than VMs—which means lower infrastructure costs. Enterprises are realizing the benefits: in the 2017 edition of the Portworx Annual Container Adoption survey, 32 percent of responding companies spent $500,000 or more per year on license and usage fees for container technologies, up from a reported five percent in 2016. As more businesses look to make their DevOps processes more efficient in both cost and production, this rapid growth is expected to continue.

When considering investing in containers, make sure to have clear expectations of the benefits you expect to gain before you broadly adopt containerization. There are many tools and platforms that can help with aspects of automation for the containerized environment. It helps to understand what the ecosystem will look like before you implement it, as there can be a learning curve for enterprises previously unfamiliar with container adoption. This is particularly true when it comes to delivering and securing a containerized application. If you aren’t sure of the best use for containers, the ease of conversion means ephemeral workloads are usually a good target. Workloads requiring persistent disk storage (like database servers, for instance) can require a little more effort to containerize.

Be sure to periodically revisit your build processes and refactor for smaller containers with fewer layers in order to maintain the most effective and efficient container usage. Keep an eye on resource utilization, especially around storage—persistent storage is the most common challenge for running containers.

Containers are a great way to add agile delivery to an agile development process. By increasing developer efficiency and offering easier and faster deployment, they represent the next step in the evolution toward faster application development and delivery. The biggest advantages of container adoption center around enabling agile delivery and ease of delivering microservices. Adopters are quick to exploit these advantages. Docker, the most popular container orchestration tool, has seen the average user quintuple their container count within nine months.

Of course, security must be a high priority—just like any other method of application development. Though a containerized application bears some similarity to a more traditional application on virtualized infrastructure, the technology is different enough that in order to protect containers, you must take a slightly different approach. Using containers without a strong automated approach to security is like buying the front half of a race car. Sure, it can go fast; it’s also really lightweight. But you wouldn’t expect to be able to avoid obstacles in a race car missing the back two wheels. In that same vein, you wouldn’t maintain high expectations for a containerized application without automated security. Without automated security, you’ll either throw caution to the wind and hit the wall in a grandiose résumé-generating event, or you’ll operate at a safe speed (meaning that you’ll be slowed down by the operating speed of traditional security tools).

An effective security practice is baked into the development process from the start. When everything (including infrastructure and operating constraints) is defined in code, you have an opportunity to thoroughly analyze an application before it reaches production. Do that, and favor tools that can be fully embedded into your software development and application delivery pipeline. Manage vulnerabilities in configuration and software packages as early in the process as possible. Don’t include secrets in container images or source code repositories; be smart in how you deliver application credentials like API keys.

A container only holds an instance of an application, not an entire operating system. This means you must be cognizant of resource requirements and restrict running containers accordingly. VMs have the implied boundary of the VM’s memory and CPU allocation. The same configuration for containers requires a deliberate effort. Appropriate resource restrictions can serve to make a DDoS harder to execute. Perhaps most importantly, the host has to be secure: protecting only the containers and not the underlying host the containers run on is like building a great house on a shaky foundation. For the foreseeable future, enterprises will have a mix of containers and VMs. You must secure them both.
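One way to check for the missing resource restrictions described above, as an added example that is not part of the original article: it assumes Docker is the runtime and reads the JSON that `docker inspect` prints, flagging containers whose `HostConfig` sets no memory, CPU or process-count limit. The sample input is constructed.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "HostConfig": {"Memory": 268435456, "NanoCpus": 500000000,
                                     "CpuQuota": 0, "PidsLimit": 100}},
    {"Name": "/batch", "HostConfig": {"Memory": 0, "NanoCpus": 0,
                                       "CpuQuota": 0, "PidsLimit": None}},
])


def missing_limits(host_config):
    """Return the resource limits a container's HostConfig leaves unset."""
    missing = []
    # Memory is in bytes; 0 means the container has no memory limit.
    if not host_config.get("Memory"):
        missing.append("memory")
    # `--cpus` is stored as NanoCpus, `--cpu-quota` as CpuQuota; either caps CPU.
    if not host_config.get("NanoCpus") and (host_config.get("CpuQuota") or 0) <= 0:
        missing.append("cpu")
    # A PidsLimit of null, 0 or -1 means an unlimited number of processes.
    pids = host_config.get("PidsLimit")
    if pids is None or pids <= 0:
        missing.append("pids")
    return missing


def audit(inspect_json):
    """Map container name -> unset limits, listing only containers with gaps."""
    findings = {}
    for container in json.loads(inspect_json):
        gaps = missing_limits(container.get("HostConfig", {}))
        if gaps:
            findings[container.get("Name", "?").lstrip("/")] = gaps
    return findings


if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_INSPECT).items():
        print(f"{name}: no limit set for {', '.join(gaps)}")
```

Run against live hosts by feeding it the output of `docker inspect` for the running container IDs; a non-empty result can fail a pipeline stage or raise an alert.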

Container adoption is the way to go if you’re looking to make your DevOps teams faster, more secure, and more efficient. Their popularity will continue to rise in the coming years. If your business is considering container adoption, make sure your entire team has a solid understanding of expectations and security requirements in order to truly maximize their capability and effectiveness.

 
