This piece originally appeared in CSO online.
Container security has been gaining steam over the last few years. Many enterprises are experimenting with containers, and a recent 451 report showed that 25 percent of companies have already implemented the technology. While IT teams and software developers are more familiar with the fundamentals and benefits of containers, C-level executives often don’t have as much visibility into the value they provide.
The following tips will help you utilize containers so that you can meet your business and IT goals.
Understand that you’re probably already using them
With open source roots, lots of flexibility, and an ability to make developers’ day-to-day jobs easier, containers often grow organically within an organization. Even if you don’t officially support them today, there’s a good chance you have individuals and even whole teams already using them, and they may even be using them in sophisticated ways as part of important business processes. Don’t drive the adoption underground with heavy-handed mandates that tell people which tools they should use to do their best work. Instead, bring them into the light with examples of people who use them correctly. Take a ‘guardrails and traffic cameras’ approach: give teams some wide definitions of how best to use containers and monitor how they’re actually using them, but don’t put stop signs in the way of something that is pretty difficult to prevent anyway.
Containers are probably not going to replace VMs
While there are many breathless articles about containers “killing” VMs, the reality is that the two are largely complementary technologies. Most organizations, even those that embrace containers heavily, are likely to still run them within VMs. They’re different tools that solve different problems and you shouldn’t look at them as an either/or question. You’ll use VMs to virtualize and compartmentalize your hardware, and use containers to do the same for your operating systems. For example, VMs provide strong security boundaries, so many organizations will use them to segregate workloads by sensitivity level, while using containers to run apps of the same sensitivity level within that VM.
Containers require a culture shift for people and processes
The most important thing for organizations adopting containers isn’t technical – it’s about people and processes. Containers bring great advantages in velocity, efficiency, and even security. But, to reap these benefits, an organization must evolve its operational practices to focus on automation, repeatability, and ‘infrastructure as code’. If deploying a new VM involves a human being, you’re already behind the curve and won’t really feel the advantage of containers.
Before focusing on the technology part, you need to figure out how to align your teams to have closer cooperation between DevOps and security. You’ll need to automate all manual touch points you currently have in provisioning and operational workflows. If you’re doing a process more than once, you’ll also need to establish a template that can do it identically the next 10,000 times. The organizations that embrace these operational changes are the ones that will reap the most rewards from containers.