DevOps and containers: Closing the gap between security and convenience

The applications container market looks set to surpass the public cloud services and infrastructure market, at least in terms of compound growth percentage, and for good reason. But as businesses eagerly adopt the technology, there’s one thing they need to remember if they want to reap the benefits of containers.

The burgeoning software applications container market is expected to be worth over US$2.1 billion this year, and more than US$4.3 billion by 2022, according to recent analysis by research and advisory firm 451 Research -- equating to a compound annual growth rate (CAGR) of 30 percent.

To put this into perspective, worldwide spending on public cloud services and infrastructure is expected to experience a CAGR of 22.5 percent from 2017 to 2022, according to research revealed in February from industry analyst IDC, with 2019 alone anticipated to bring in around US$210 billion for the public cloud industry.

While the global public cloud services and infrastructure market will outstrip the applications container market by nearly US$208 billion in 2019 if the figures by 451 Research and IDC are anything to go by, the applications container market is clearly experiencing markedly rapid growth in terms of importance and value.

This should come as no surprise. Just as cloud infrastructure helped to facilitate the rise of DevOps -- the now ubiquitous methodology named after a portmanteau of ‘development’ and ‘operations’ -- over the conventional waterfall methodology for software development, so DevOps has helped to trigger the rise of containers.

And why not? Containers effectively accelerate the software development and delivery cycle by giving developers the tools to overcome the dual challenges of application packaging and delivery. With containers, teams can quickly and reliably deploy their applications in a variety of environments. Like the DevOps methodology they serve, containers mean companies can get products to market sooner.

In the words of Docker, one of the foremost container platform providers today, a container is “a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.”

What this means in nuts-and-bolts terms for teams that employ containers to get things done is that they can focus fairly exclusively on the process of creating and deploying new products and services without having to worry too much about the infrastructure upon which development takes place.

However, while containers simplify the developer experience by moving complexities to the infrastructure layer, new challenges, particularly around information security, can emerge. Indeed, with the shifting of complexity comes the need for a shift in security approach so that the advantages of containers outweigh any potential security risks that could undermine their use.

Specifically, the kind of dynamic environments enabled by containers typically need security solutions that integrate with the continuous development and delivery pipelines that DevOps methodology enables.

Moreover, DevOps teams tapping into containers are likely to require additional security that is tailored for use with container platforms such as Docker, taking into consideration things like the potential attack surface of a Docker host’s operating system, along with the protection of inter-container traffic.

In short, to maintain the value of containers, it’s important to employ container-specific security solutions.

This requirement for a new, container-specific approach is somewhat compounded by the pressure on information security teams to keep up with the typically rapid pace of the DevOps approach without inadvertently creating bottlenecks in their efforts to maintain essential security standards amid a fast-paced environment.

With this in mind, it’s clear that there need to be advanced security strategies and tactics in place in order to accelerate development while still meeting vital security goals.

Let’s not forget that the most effective time to implement security features in any piece of software is during the development lifecycle. This way, end-product security features can be ‘baked-in’ during its creation rather than simply tacked on as an afterthought, often making them stronger than add-on solutions.

Given that the security of applications during the development phase can be heavily reliant on the security of the container environments with which they are developed, it is essential that container security is treated as paramount and that the right sort of security systems, solutions and processes are being used.

If done right, development teams can meet the challenges of continuous development and deployment without compromising on security.

This means developers are able to deliver on both the requirements of the increasingly rapid product lifecycle many organisations now face, and the security standards they need to maintain in order to keep themselves and their customers safe.

Copyright © 2019 IDG Communications, Inc.
