Until recently, if you overheard your company’s CISO mentioning Docker, you might have assumed he or she was talking about casual Friday attire. Now, however, you probably could identify Docker as the leading name in containerization, an increasingly important element in your organization’s strategy for digital transformation.
And you’re about to hear a lot more about containerization as your journey to the cloud accelerates. Containerization is important to more than your technical teams; business leaders need to understand it as well, particularly because it has significant cybersecurity implications.
Most business leaders have become familiar with the notion that applications are being developed and deployed differently–faster, in more frequent bursts, and in the cloud. This puts containerization at the intersection of two important trends–the accelerated adoption of cloud for a wide range of business tasks, and DevOps, the tight, agile relationship between software developers and the business groups that benefit from that software.
After all, the value of any organization’s IT investments is in its applications, and containers represent a major step forward not just in how those applications are developed, but also in how fast they deliver measurable business value. And at the heart of this trend is business agility, according to Tim Prendergast, chief cloud officer at Palo Alto Networks. Containers “promote portability, so applications can move easily across environments–on-premises, a single cloud, or multiple clouds–with low friction,” he points out.
One way to think about the value of containerization is to consider what it was like to share documents before the introduction of Adobe’s Portable Document Format (PDF) solution. Today, we don’t worry about translating or recoding documents that were written in one environment, like Windows, but need to be shared and read in many others, such as an iPad running iOS or an Android-based smartphone. PDF normalized documents into a single format, and containers are doing the same thing for applications so they can be used in any physical or virtual computing environment. This means your developers can revise and update code anywhere, anytime, and on any type of system because they are using the same development environment as when they’re in the office working on their production systems.
And as DevOps becomes both commonplace and essential in helping organizations navigate their way to becoming truly digital businesses, containers become indispensable tools. One of the big attractions to containers centers on our favorite subject: cybersecurity.
Instead of developing and deploying large, monolithic blocks of code, containers enable software to be broken down into smaller chunks that can be checked more frequently and more quickly when new threats emerge. Container infrastructure vendors like Docker and others have made cybersecurity a big priority and have integrated stronger security defenses into their tools from the start.
But that doesn’t mean you can take cybersecurity for granted as your organization embraces containers. Containers are not necessarily a new technology, but they are newer to enterprise use; that means attention must continue to be paid when using containers to ensure that the same cyber hygiene and best practices traditionally used in software development are applied to containerized applications.
There is the reality, as well, that bad actors will be drawn to containers by the very fact that they are new and a hot topic. “There are going to be zero-day exploits that will be attempted, and the bad guys are likely to be aggressive,” according to Prendergast. “Any new technology has an Achilles heel, so you need to re-evaluate your risk profile.” On the positive side, however, “If you are worried about the potential for a container being compromised, you can simply kill that container and launch a new one in seconds,” he said. “You don’t have to worry about replicating the fix across multiple web servers; it’s easier, faster, more efficient, and safer.”
He also points out that, as containers gain more acceptance and are more widely used for DevOps projects and as a facilitator of digital transformation, container tool developers will undoubtedly step up their game when it comes to security and will fine-tune their tools to mitigate known vulnerabilities.
Still, it’s important for business executives to ask some pointed questions when their IT execs talk about container adoption. These include:
- What’s the business advantage you expect to achieve in a containerization strategy?
- Which workloads will be put into the container, and how will you know it’s delivering a measurable business benefit?
- How will you ensure that adding containers will help accelerate our DevOps initiatives, rather than create more friction with the introduction of a new toolset?
- How will containers change our cybersecurity threat vectors, and how are you accounting for that?
In the end, business leaders don’t need to worry about how containers work–only that they are a good fit with their goals of more closely aligning how applications are developed and deployed with the needs of business users who benefit from that software.