DevOps’ value to the organization depends on speed; velocity is a critical success measure on the road to digital transformation. While DevOps leaders understand the value of security by design, many struggle to create a secure code pipeline. In fact, according to a report, 71 percent of industry professionals said their team lacks adequate knowledge of security best practices, such as container security and continuous delivery.

Integrating security into the entire application life cycle without sacrificing speed isn’t simple. Countless organizations face a clear and overwhelming need to update both process and infrastructure for secure digital transformation.

Containerization can offer immense benefits on the road to digital transformation. Adopting containers creates agility throughout the application life cycle for more strategic services, clouds and iterations. There are some automatic security benefits to a containerized infrastructure, such as faster deployments and better application resiliency. It’s not a perfect cure, though. Poor container orchestration or isolation can introduce new security challenges.

Informed adoption is key to maximizing the benefits of a container-first application strategy. Orchestration is critical to optimize potential benefits and manage container security. And the shift to container-based microservices can help organizations simplify the shift to secure DevOps (DevSecOps) by creating automation throughout the code pipeline. But to build an effective business case for secure containerization, security leaders should understand both the benefits and the risks on the road to adoption.

3 Common Use Cases for Containerization

Transformation requires agility, and it’s likely that the future of enterprise app ecosystems will be closely tied to containerization technology. Put simply, containerization is a strategy for packaging applications into scalable, modular microservices. Container images are easily portable between environments, facilitating workload optimization. Container adoption allows DevOps to continuously deploy independent updates to service modules without impacting application performance.

A container-first cloud strategy can facilitate efficient DevOps. When continuous deployment is aligned with business units, there’s an immense benefit for the entire enterprise. According to IBM cloud experts, the three most common enterprise use cases for container adoption are modernization, transformation and cloud transformation.

  1. Modernization — A complex cluster of interdependent legacy applications carries hefty maintenance requirements. Modernizing legacy apps with containerization can free AppOps from burdens such as configuration drift and custom code by isolating services into independent entities.
  2. Transformation — Containerization can significantly increase the speed of creating cloud-native capabilities. Open technologies and effective isolation of container images help DevOps build, test and deploy apps with speed.
  3. Cloud advantage — Containerization frees the enterprise from being locked into a cloud platform by creating flexibility throughout the application life cycle. Container orchestration can automate resource management and scaling and optimize cloud performance.

Making a Business Case for Secure Containerization

Switching from an “antiquated” infrastructure to orchestrated containerization enabled one major enterprise content management organization to reduce microservice deployment times from three weeks to five hours. Adopting containerization can provide an opportunity for greater ecosystem orchestration.

However, understanding the barriers to benefits is key to making an effective business case. A solid strategy for container adoption can enable organizations to unlock code pipeline efficiency, application resiliency and agility, among other benefits. Here are six ways to make a case for containerization in your enterprise.

1. Shift to DevSecOps

Orchestrated containerization provides DevOps with real-time tools to rapidly scale or modify container images. This is both a productivity advantage and a potential container security risk. If your container images are risky, you’re scaling vulnerabilities across multiple cloud environments.

A secure pipeline for continuous integration and delivery of container images is necessary. Orchestration tools can define and streamline processes for moving secure container images into production and integrate continuous testing along the pipeline.

The entire enterprise benefits when container adoption is used to create a secure code pipeline. Velocity is a natural result of alignment between the DevOps, AppOps and infrastructure teams. Adopting containerization and orchestration allows DevOps to shift to DevSecOps, proactively resolving security risks throughout the code pipeline.

2. Facilitate Innovation

Containerization offers the advantage of open technology. Your business can benefit from best practices that have been crafted by a strong community of users. The Open Container Initiative (OCI), for example, has worked to create standardized building blocks for containerization to create a standard path to IT microservices.

The containerization ecosystem is filled with open-source tools. This offers the benefit of continuous improvement in containerization technologies and the ability to collaborate within the community. Orchestrated containerization technology can simplify development and maintenance, freeing talent resources to focus on innovation.

3. Optimize Cloud Transformation

A container security strategy can enable organizations to optimize resource utilization and unlock cloud benefits such as agility and cost-savings. Compared to alternatives such as virtual machines, orchestrated containerization can enable organizations to:

  • Achieve greater harmony across the application infrastructure;
  • Scale services in direct response to demand;
  • Automate fault tolerance and response; and
  • Orchestrate the application infrastructure.

Isolation and orchestration are critical pillars of container security. An enterprise can expect to achieve the benefits of self-healing and auto-detection throughout the application life cycle, as well as greater load balancing. These translate into the business benefits of cost savings and risk reduction.

4. Unlock Agile Microservices

Before microservices, the enterprise chased the paradigm of service-oriented architecture (SOA). The SOA model was an early example for strategic IT that represented a shift away from behemoth enterprise systems.

SOA evolved into microservices in the cloud era. This paradigm is best defined as an agile IT architecture organized around business capabilities. The nine characteristics of a mature microservice architecture, according to cloud author Martin Fowler, are:

  • Componentization, or atomized resources;
  • Alignment with business capabilities;
  • Focusing on products, not projects;
  • Smart endpoints;
  • Decentralized governance;
  • Decentralized data management;
  • Automated infrastructure;
  • Fault tolerance; and
  • Design evolution.

Containerization isn’t necessarily the only path to mature microservices, but it’s a clear path. Secure containerization can allow organizations to switch to native cloud development and bake agility into legacy infrastructure. Orchestrated containerization provides DevOps with the ability to make iterative changes in response to the needs of business users and customers.

5. Responsive Security

Nearly one-third of data breaches can be attributed to outdated security patches, according to a recent Tripwire study, and experts estimate that a majority of organizations are aware that their patching efforts are less than adequate.

Containerization can facilitate agile security and remove interdependencies between apps that lead to longstanding vulnerabilities. Isolated containers can be updated quickly without impacting other microservices in an application. Orchestration and automation can facilitate agile container security and visibility throughout the application life cycle.

6. Application Resilience

Cyber resilience is defined as the process of unifying IT security and business continuity to help organizations achieve the least disruption possible during an attack. Application resilience is a closely related concept based on the idea of least disruption. In resilient infrastructure, a single failure has minimal impact on performance.

Containerization can provide a pathway to a resilient application infrastructure in the cloud, and DevOps can gain the ability to immediately roll back insecure containers from production if risks are detected, without interrupting operations. The result is better resilience and continuity in the event of a failure.

Building Support for Container Security

DevOps is facing immense pressure to iterate and fail fast on the road to digital transformation. While containerization can create greater agility throughout the application life cycle, achieving these benefits requires sensitivity to container security. Building an effective business case for containerization requires an understanding of the role of orchestration and automation technology.
