Light Dark
August 28, 2019 By Jasmine Henry 5 min read
Application Security
Cloud Security

DevOp’s value to the organization depends on speed; velocity is a critical success measure on the road to digital transformation. While DevOps leaders understand the value of security by design, many struggle to create a secure code pipeline. In fact, according to a Logz.io report, 71 percent of industry professionals said their team lacks adequate knowledge of security best practices, such as container security and continuous delivery.

Integrating security into the entire application life cycle without sacrificing speed isn’t simple. Countless organizations face a clear and overwhelming need to update both process and infrastructure for secure digital transformation.

Containerization can offer immense benefits on the road to digital transformation. Adopting containers creates agility throughout the application life cycle for more strategic services, clouds and iterations. There are some automatic security benefits to a containerized infrastructure, such as faster deployments and better application resiliency. It’s not a perfect cure, though. Poor container orchestration or isolation can introduce new security challenges.

Informed adoption is key to maximize the benefits of a container-first application strategy. Orchestration is critical to optimize potential benefits and manage container security. And the shift to container-based microservices can help organizations simplify the shift to secure DevOps (DevSecOps) by creating automation throughout the code pipeline. But to build an effective business case for secure containerization, security leaders should understand both the benefits and the risks on the road to adoption.

3 Common Use Cases for Containerization

Transformation requires agility, and it’s likely that the future of enterprise app ecosystems will be closely tied to containerization technology. Put simply, containerization is a strategy for packaging applications into scalable, modular microservices. Container images are easily portable between environments, facilitating workload optimization. Container adoption allows DevOps to continuously deploy independent updates to service modules without impacting application performance.

A container-first cloud strategy can facilitate efficient DevOps. When continuous deployment is aligned with business units, there’s an immense benefit for the entire enterprise. According to IBM cloud experts, the three most common enterprise use cases for container adoption are modernization, transformation and cloud transformation.

  1. Modernization — A complex cluster of interdependent legacy applications carries hefty maintenance requirements. Modernizing legacy apps with containerization can free AppOps from burdens such as configuration drift and custom code by isolating services into independent entities.
  2. Transformation — Containerization can significantly decrease the speed of creating cloud-native capabilities. Open technologies and effective isolation of container images help DevOps build, test and deploy apps with speed.
  3. Cloud advantage — Containerization frees the enterprise from being locked into a cloud platform by creating flexibility throughout the application life cycle. Container orchestration can automate resource management, scaling and optimize cloud performance.

Making a Business Case for Secure Containerization

Switching from an “antiquated” infrastructure to orchestrated containerization enabled one major enterprise content management organization to reduce microservice deployment times from three weeks to five hours. Adopting containerization can provide an opportunity for greater ecosystem orchestration.

However, understanding the barriers to benefits is key to making an effective business case. A solid strategy for container adoption can enable organizations to unlock code pipeline efficiency, application resiliency and agility, among other benefits. Here are six ways to make a case for containerization in your enterprise.

1. Shift to DevSecOps

Orchestrated containerization provides DevOps with real-time tools to rapidly scale or modify container images. This is a productivity advantage and potential container security risk. If your container images are risky, you’re scaling vulnerabilities across multiple cloud environments.

A secure pipeline for continuous integration and delivery of container images is necessary. Orchestration tools can define and streamline processes for moving secure container images into production and integrate continuous testing along the pipeline.

The entire enterprise benefits when container adoption is used to create a secure code pipeline. Velocity is a natural result of alignment between the DevOps, AppOps and infrastructure teams. Adopting containerization and orchestration allows DevOps to shift to DevSecOps, proactively resolving security risks throughout the code pipeline.

2. Facilitate Innovation

Containerization offers the advantage of open technology. Your business can benefit from best practices that have been crafted by a strong community of users. The Open Container Initiative (OCI), for example, has worked to create standardized building blocks for containerization to create a standard path to IT microservices.

The containerization ecosystem is filled with open-source tools. This offers the benefit of continuous improvement in containerization technologies and the ability to collaborate within the community. Orchestrated containerization technology can simplify development and maintenance, freeing talent resources to focus on innovation.

3. Optimize Cloud Transformation

A container security strategy can enable organizations to optimize resource utilization and unlock cloud benefits such as agility and cost-savings. Compared to alternatives such as virtual machines, orchestrated containerization can enable organizations to:

  • Achieve greater harmony across the application infrastructure;
  • Scale services in direct response to demand;
  • Automate fault tolerance and response; and
  • Orchestrate the application infrastructure.

Isolation and orchestration are critical pillars of container security. An enterprise can expect to achieve the benefits of self-healing and auto-detection throughout the application life cycle, as well as greater load balancing. These translate into the business benefits of cost savings and risk reduction.

4. Unlock Agile Microservices

Before microservices, the enterprise chased the paradigm of service-oriented architecture (SOA). The SOA model was an early example for strategic IT that represented a shift away from behemoth enterprise systems.

SOA evolved into microservices in the cloud era. This paradigm is best defined as an agile IT architecture organized around business capabilities. The nice characteristics of a mature microservice architecture, according to cloud author Martin Fowler, are:

  • Componentization, or atomized resources;
  • Alignment with business capabilities;
  • Focusing on products, not projects;
  • Smart endpoints;
  • Decentralized governance;
  • Decentralized data management;
  • Automated infrastructure;
  • Fault tolerance; and
  • Design evolution.

Containerization isn’t necessarily the only path to mature microservices, but it’s a clear path. Secure containerization can allow organizations to switch to native cloud development and bake agility into legacy infrastructure. Orchestrated containerization provides DevOps with the ability to make iterative changes in response to the needs of business users and customers.

5. Responsive Security

Nearly one-third of data breaches can be attributed to outdated security patches, according to a recent Tripwire study, and experts estimate that a majority of organizations are aware that their patching efforts are less than adequate.

Containerization can facilitate agile security and remove interdependencies between apps that lead to longstanding vulnerabilities. Isolated containers can be updated quickly without impacting other microservices in an application. Orchestration and automation can facilitate agile container security and visibility throughout the application life cycle.

6. Application Resilience

Cyber resilience is defined as the process of unifying IT security and business continuity to help organizations achieve the least disruption possible during an attack. Application resilience is a closely related concept based on the idea of least disruption. In resilient infrastructure, a single failure has minimal impact on performance.

Containerization can provide a pathway to a resilient application infrastructure in the cloud, and DevOps can gain the ability to immediately roll back insecure containers from production if risks are detected, without interrupting operations. The result is better resilience and continuity in the event of a failure.

Building Support for Container Security

DevOps is facing immense pressure to iterate and fail fast on the road to digital transformation. While containerization can create greater agility throughout the application life cycle, achieving these benefits requires sensitivity to container security. Building an effective business case for containerization requires an understanding of the role of orchestration and automation technology.

Watch the webinar to learn more about container security

 |  |  |  |  |  |  |  |  |  |  | 
Jasmine Henry

More from Application Security
March 13, 2024

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

March 5, 2024

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

February 1, 2024

Audio-jacking: Using generative AI to distort live audio transactions

7 min read - The rise of generative AI, including text-to-image, text-to-speech and large language models (LLMs), has significantly changed our work and personal lives. While these advancements offer many benefits, they have also presented new challenges and risks. Specifically, there has been an increase in threat actors who attempt to exploit large language models to create phishing emails and use generative AI, like fake voices, to scam people. We recently published research showcasing how adversaries could hypnotize LLMs to serve nefarious purposes simply…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature