6 container trends IT leaders should watch
What container trends should CIOs and their teams have on their radar? Let's dig in
4. New and maturing capabilities foster wider adoption
All three of those tools, along with continued development and maturity in core platforms such as Kubernetes, are examples of how the IT industry at large is already addressing and solving some of the initial problems and challenges of running containerized applications in production.
Colin Chapman, chief delivery officer at Nexient, says containers have had a considerable positive impact on the software development firm’s business. That doesn’t mean there weren’t some bumps in the road. Stateful applications, as Xu notes above, or systems that had sophisticated intrinsic distributed architectures were still difficult to fit into the paradigm, Chapman says. Those issues are starting to get smoothed out, however, paving the way for wider usage.
“I would say the most exciting recent development in orchestration is the support for stateful apps and the Operator pattern, where some of our most complex systems and operations techniques can be standardized and automated,” Chapman notes.
“Another big step has been the emergence of new container-native build tools, which give us scalable event-driven workflows, allowing a shift away from the linear build pipelines we were used to towards actual reactive systems,” Chapman says. “We can respond to near real-time changes, allowing for sophisticated parallel workflows and large-scale testing, using our orchestration stack to coordinate FaaS events.”
5. Service meshes help pay off on a key promise of containers
Istio, the service mesh technology Xu mentioned above, is helping more teams move containers out of a developer’s sandbox and into production. Istio helps teams move containers around at scale, without disrupting external services around them, like load balancing and application firewalls.
Chapman from Nexient translates the buzz around service meshes into tangible results that his firm is seeing first-hand: “We have been able to automate many processes, like resiliency testing and cluster federation, using these meshes, as well as to help in continuous delivery, with phased deployments. The fine-grained control over security and monitoring allowed by the mesh approach has greatly simplified the application architectures we’ve used, allowing us to factor out much of the cross-cutting bloat in our application and networking layers. We can set up encryption, authorization, and monitoring, all through primitives that can be programmatically controlled and quickly changed.”
6. Container security comes of age
Enthusiasm for an emerging technology tends to get kept in check by questions such as, “So, uh, can we run this securely in production?”
“Security was previously a major deterrent to container adoptions,” McClarty says. “However, containers are now hardened, secured, and tested against vulnerabilities within the continuous delivery pipeline.”
“As container strategies mature, enterprises deploying containers within CI/CD pipelines are increasingly recognizing the importance of securing their application container development environments from start to finish,” Duan says.
That “shift left” mindset might only account for the build and ship stages; as more companies begin moving containers into production, they’ll need to secure the “run” stage, too. They’ll have a growing menu of maturing container security tools and technologies to choose from when they do.