DevOps’ value to the organization depends on speed; velocity is a critical success measure on the road to digital transformation. While DevOps leaders understand the value of security by design, many struggle to create a secure code pipeline. In fact, according to a report, 71 percent of industry professionals said their team lacks adequate knowledge of security best practices, such as container security and continuous delivery.

Integrating security into the entire application life cycle without sacrificing speed isn’t simple. Countless organizations face a clear and overwhelming need to update both process and infrastructure for secure digital transformation.

Containerization can offer immense benefits on the road to digital transformation. Adopting containers creates agility throughout the application life cycle for more strategic services, clouds and iterations. There are some automatic security benefits to a containerized infrastructure, such as faster deployments and better application resiliency. It’s not a perfect cure, though. Poor container orchestration or isolation can introduce new security challenges.

Informed adoption is key to maximize the benefits of a container-first application strategy. Orchestration is critical to optimize potential benefits and manage container security. And the shift to container-based microservices can help organizations simplify the shift to secure DevOps (DevSecOps) by creating automation throughout the code pipeline. But to build an effective business case for secure containerization, security leaders should understand both the benefits and the risks on the road to adoption.

3 Common Use Cases for Containerization

Transformation requires agility, and it’s likely that the future of enterprise app ecosystems will be closely tied to containerization technology. Put simply, containerization is a strategy for packaging applications into scalable, modular microservices. Container images are easily portable between environments, facilitating workload optimization. Container adoption allows DevOps to continuously deploy independent updates to service modules without impacting application performance.

A container-first cloud strategy can facilitate efficient DevOps. When continuous deployment is aligned with business units, there’s an immense benefit for the entire enterprise. According to IBM cloud experts, the three most common enterprise use cases for container adoption are modernization, transformation and cloud transformation.

  1. Modernization — A complex cluster of interdependent legacy applications carries hefty maintenance requirements. Modernizing legacy apps with containerization can free AppOps from burdens such as configuration drift and custom code by isolating services into independent entities.
  2. Transformation — Containerization can significantly decrease the time needed to create cloud-native capabilities. Open technologies and effective isolation of container images help DevOps build, test and deploy apps with speed.
  3. Cloud advantage — Containerization frees the enterprise from being locked into a cloud platform by creating flexibility throughout the application life cycle. Container orchestration can automate resource management and scaling and optimize cloud performance.

Making a Business Case for Secure Containerization

Switching from an “antiquated” infrastructure to orchestrated containerization enabled one major enterprise content management organization to reduce microservice deployment times from three weeks to five hours. Adopting containerization can provide an opportunity for greater ecosystem orchestration.

However, understanding the barriers to benefits is key to making an effective business case. A solid strategy for container adoption can enable organizations to unlock code pipeline efficiency, application resiliency and agility, among other benefits. Here are six ways to make a case for containerization in your enterprise.

1. Shift to DevSecOps

Orchestrated containerization provides DevOps with real-time tools to rapidly scale or modify container images. This is both a productivity advantage and a potential container security risk. If your container images are risky, you’re scaling vulnerabilities across multiple cloud environments.

A secure pipeline for continuous integration and delivery of container images is necessary. Orchestration tools can define and streamline processes for moving secure container images into production and integrate continuous testing along the pipeline.

The entire enterprise benefits when container adoption is used to create a secure code pipeline. Velocity is a natural result of alignment between the DevOps, AppOps and infrastructure teams. Adopting containerization and orchestration allows DevOps to shift to DevSecOps, proactively resolving security risks throughout the code pipeline.

2. Facilitate Innovation

Containerization offers the advantage of open technology. Your business can benefit from best practices that have been crafted by a strong community of users. The Open Container Initiative (OCI), for example, has worked to create standardized building blocks for containerization, establishing a standard path to IT microservices.

The containerization ecosystem is filled with open-source tools. This offers the benefit of continuous improvement in containerization technologies and the ability to collaborate within the community. Orchestrated containerization technology can simplify development and maintenance, freeing talent resources to focus on innovation.

3. Optimize Cloud Transformation

A container security strategy can enable organizations to optimize resource utilization and unlock cloud benefits such as agility and cost-savings. Compared to alternatives such as virtual machines, orchestrated containerization can enable organizations to:

  • Achieve greater harmony across the application infrastructure;
  • Scale services in direct response to demand;
  • Automate fault tolerance and response; and
  • Orchestrate the application infrastructure.

Isolation and orchestration are critical pillars of container security. An enterprise can expect to achieve the benefits of self-healing and auto-detection throughout the application life cycle, as well as greater load balancing. These translate into the business benefits of cost savings and risk reduction.

4. Unlock Agile Microservices

Before microservices, the enterprise chased the paradigm of service-oriented architecture (SOA). The SOA model was an early example of strategic IT that represented a shift away from behemoth enterprise systems.

SOA evolved into microservices in the cloud era. This paradigm is best defined as an agile IT architecture organized around business capabilities. The nine characteristics of a mature microservice architecture, according to cloud author Martin Fowler, are:

  • Componentization, or atomized resources;
  • Alignment with business capabilities;
  • Focusing on products, not projects;
  • Smart endpoints;
  • Decentralized governance;
  • Decentralized data management;
  • Automated infrastructure;
  • Fault tolerance; and
  • Design evolution.

Containerization isn’t necessarily the only path to mature microservices, but it’s a clear path. Secure containerization can allow organizations to switch to native cloud development and bake agility into legacy infrastructure. Orchestrated containerization provides DevOps with the ability to make iterative changes in response to the needs of business users and customers.

5. Responsive Security

Nearly one-third of data breaches can be attributed to outdated security patches, according to a recent Tripwire study, and experts estimate that a majority of organizations are aware that their patching efforts are less than adequate.

Containerization can facilitate agile security and remove interdependencies between apps that lead to longstanding vulnerabilities. Isolated containers can be updated quickly without impacting other microservices in an application. Orchestration and automation can facilitate agile container security and visibility throughout the application life cycle.

6. Application Resilience

Cyber resilience is defined as the process of unifying IT security and business continuity to help organizations achieve the least disruption possible during an attack. Application resilience is a closely related concept based on the idea of least disruption. In resilient infrastructure, a single failure has minimal impact on performance.

Containerization can provide a pathway to a resilient application infrastructure in the cloud, and DevOps can gain the ability to immediately roll back insecure containers from production if risks are detected, without interrupting operations. The result is better resilience and continuity in the event of a failure.

Building Support for Container Security

DevOps is facing immense pressure to iterate and fail fast on the road to digital transformation. While containerization can create greater agility throughout the application life cycle, achieving these benefits requires sensitivity to container security. Building an effective business case for containerization requires an understanding of the role of orchestration and automation technology.
