Containers: Secure or Not, Here They Are
Containers are here. And it doesn’t mater whether or not containers are a transitional technology (they are, as our JP Morgenthal covered in Containers are designed for an antiquate application architecture) until all applications are designed for cloud and web-scale, containers will be part of the cloud and virtualization scene. Right now, containers are white hot. And as you’ve seen here in the past month, containerization was an editorial focus for us throughout March.
To give you an idea of how popular containers are right now, consider the results of a StackEngine sponsored survey from last month, where 745 respondents were queried about their Docker adoption:
More than 70 percent of respondents are either using Docker or evaluating it in their organization
- 23 percent are familiar but not using it
- Only 7 percent had not heard of Docker
- At 63 percent, there is significant Docker use within QA and test environments
- 53 percent in development
- A smaller, but significant minority, at 31 percent, plan to use Docker in production, but there isn’t any indication on the criticality of the production apps planned at this stage, nor the timetable to move to production.
The biggest two challenges facing Docker adoption were reported by respondents to be “security model” and “Lack of Operational Tools for Production.” Roughly half of respondents cited these reasons as a barrier.
Also, the three primary motivators for deploying containers are not surprising: hybrid cloud adoption, the cost of VMware, and pressure from test environments.
Yet, the two biggest challenges cited are not a surprise, either. I’ve been covering enterprise IT going on three decades, and for enterprises – when it comes to new technologies – it is common for systems management and operational tools that can’t scale to enterprise needs to be a short term stumbling block. When it comes to security, having working security models and tools to secure certain types of enterprise use cases has always been an issue, and this is also something that improves over time just like management tools.
However, over time Since the late 90s, having tools to manage the security of the new technology and understanding a workable model for securing that technology. While I didn’t see the question asked in the StackEngine survey, regulatory mandates and the ability to not only comply – but report on that compliance is also a barrier for some areas of the enterprise.
And, just like most every technology, containers have security benefits and drawbacks:
First, the a few of what I see as the important security benefits:
Enterprises I’ve spoke with say that containerization is great in development and testing.
- They can help with application security and QA testing
- They are effective at swift provisioning and deprovisioning.
- Containers can simplify security patching
- Containers can help with managing applications as temporal assets, rather than fixed assets, and they make it easier to automate data and dependencies.
Are there security cons? Sure. The flexibility of containers let teams get sloppy, and create poorly managed sprawl. Additionally, containers, currently don’t segregate as strongly as virtual machines, so there is risk there that many organizations may not have the processes or skills in place to manage that risk.
In the end, when we look at the pros and the risks of containers – today the benefits of containers far outweigh the risks and whether anyone considers them secure, or not, it doesn’t matter – they are here to stay.
About the Author/George V. Hulme
Pingback:Containers: Secure or Not, Here They Are - DevOps.comDevOps.com