This piece was first published in Container Journal.
Technology innovation is often driven by two things — agility and mobility. We happily ditched rotary phones for cordless phones, and have ultimately embraced mobile phones because they have allowed us to be more agile and mobile.
IT itself is experiencing a similar evolution in the way we build and run apps. Fifteen years ago, virtualization was becoming mainstream and was embraced as a way to more quickly deploy new servers and apps and to separate them from physical hardware. Ten years later, cloud was becoming mainstream as a way to abstract those apps and infrastructure away from physical datacenters and allow organizations to quickly and efficiently deploy and scale at provider scale. Today, DevOps and containerization are driving the evolution to cloud-native apps that stress close integration and automation between dev and deployment and provide further separation between the app and environment in which it runs. Technologies like Docker and Kubernetes empower every organization with the kind of software tools that only recently existed at the most advanced planet-scale tech giants.
These cloud-native apps come at a time in which software is becoming more core to the operations of every organization. No longer is IT just a way to more effectively communicate and share files; instead it’s becoming core to organizations’ competitive advantage. Once software becomes a marketplace differentiator, it’s even more important for IT operations to embrace cloud-native tools like containers that make it easier to respond to business needs through rapid iteration and continuous improvement.
In addition to the technology industry, which is inherently more familiar with containerization, these three industries are also demonstrating innovation in their use of containers.
Maintaining security is a key goal for any industry considering adopting a new technology — especially within the government. Because a security breach within an agency could have a negative impact on a national scale, technological innovation within federal government agencies has historically moved slower than in other industries. Yet despite this history, agencies are embracing containerization to make apps and services more agile and secure.
One example of containerization in government is a military command focused on protecting warfighters from IEDs and other improvised threats. This agency uses containers to more quickly build and iterate on apps that help model the effects of these weapons and design systems to defeat them. Because adversaries are always evolving their tactics, the kinds of simulations and scenarios the organization needs to model and understand are also constantly changing. Containers allow their dev teams to focus on the apps themselves and have strong consistency from the build process, to QA, to production, reducing the time it takes to update their apps to handle new physical world threats. Prior to using containers, the organization had to spend significant time and resources on managing and debugging underlying infrastructure; containers abstract the infrastructure from the app much more cleanly and allow them to focus more time on delivering value in the app rather than debugging setup and deployment problems.
While containers are a relatively new technology, many other government agencies are actively using them to improve mission services and deliver government more efficiently. For example, some of our other government customers use containers in big data scenarios for public health research, others in apps to detect fraud in mortgage lending, and others to make immigration processes safer and more efficient. The wide usage of containers across the federal government led NIST to create Special Publication 800-190, the Container Security Guide, to help agencies and the public understand best practices for running containers securely.
Healthcare providers and the various companies that work with them have a lot to consider when evolving their development processes. How do they keep patient information secure — while still allowing developers to build websites and tools that can keep up with expectations for accessibility and ease of use? Healthcare IT often has two key goals: improving patient outcomes and lowering delivery costs. Containers are valuable tools in helping to achieve both of these simultaneously because they facilitate getting app improvements to market more quickly and efficiently.
One of the largest health insurance companies in the United States uses containers to run the backend of their consumer-facing e-health platform. This platform enables their customers to track claims, manage prescriptions, and view their medical history from any browser and from their mobile apps. They have more than 25,000 images in their environment and have decomposed their applications into a collection of microservices that can be more easily iterated upon, deployed, and scaled. Containers allow them to focus on making many small improvements quickly, rather than maintaining large monolithic apps that are difficult, expensive, and risky to change. The portability of containers also enables them to have great flexibility in where they run their apps across a combination of public and private clouds, depending on business needs and security requirements. Rather than being tightly tied to specific infrastructure, containers enable them to deploy and run exactly the same app on their dev workstations, in their public cloud QA environment, and in their production private cloud.
Some of our other healthcare customers use containers for other scenarios. For example, one of the largest medical research universities uses containers to track and analyze data from trials of new therapies. In another case, a top-tier medical device manufacturer uses containers to provide backend analytics and proactive maintenance services for CT scan systems. In a final example, a managed service provider, specifically focused on delivering HIPAA compliance in public clouds, uses containers to help providers lower costs by transitioning apps from high-cost self-managed data centers to public cloud providers. In each of these use cases, containers are enabling better agility and lower costs by providing greater separation of apps from infrastructure and ensuring consistency across operating environments.
Banks and credit card providers handle and process sensitive, high-value information as their core business. At the same time, few industries have seen the degree of technical disruption and heightened customer expectations that financial services has. This sector is simultaneously subjected to cyber attacks of ever-increasing sophistication, while also being pushed by customers to make personal banking more mobile and connected. To meet these needs, financial services organizations need to build apps that are architecturally transparent — in which there is an implicit and clear understanding of the components and their boundaries — so that they can be secured and scaled. Containers have some fundamental characteristics that make this possible. Their minimalistic and declarative nature makes them more transparent from a security standpoint and, when combined with orchestration platforms, makes it easy to dynamically scale apps as customer needs increase.
One of the largest global financial services firms runs an internal “Container as a Service” platform that provides a centrally managed, secured environment for multiple business units to share and run a diverse variety of apps. For example, this CaaS platform hosts apps related to bond trading, derivatives, and retail banking. The isolation that containers provide allows for more efficient usage of resources, and the firm uses a zoning approach to group together containers of similar sensitivity levels onto specific hosts. This firm has closely integrated their upstream development process with the platform, allowing developers to easily start a highly automated QA, security evaluation, and deployment process onto the CaaS platform as they improve the apps. Containers enable a high degree of consistency across environments and are broadly extensible, leading to automation of the deployment workflow.
We’ve seen other financial services customers using containers in innovative ways as well. For example, one of them uses containers to support a free credit score monitoring app that helps match customers with credit card offers aligned with their needs. Because the app is directly consumer-facing, rapid iteration of the user experience is a key part of their approach, and containers help them deliver updates more rapidly. In another case, a large wealth management firm uses containers to run an app that helps their clients plan for retirement. As the usage of the app within their client base grew, they had access to more data inputs, and a containerized microservices architecture helped them scale the service to ingest and use these new data sources to enrich their planning results. Finally, another customer is a leading credit card provider that uses containers to help surround existing legacy apps with new front-end services, helping them integrate sometimes decades-old core technologies with modern mobile apps. Because containers enable iterative development processes, they can add individual pieces of functionality to their existing base without the risk and cost associated with a wholesale platform migration.
Containers are the kind of once-per-decade disruptive technology we’ve seen before with virtualization and cloud. Because they enable better agility and more rapid innovation in software, they’re less of a vertical specific technology than a fundamental shift in the way organizations of all sizes and across all industries are building and running their apps. Their usage in government, healthcare, and financial services — industries not often considered to be early stage technology adopters — shows their broad benefit and utility. As “software eats the world” and “every company becomes a software company,” containers are a key technical innovation underpinning this transition.