DevOps teams began their love affair with containerization a few years ago, with Docker as the most popular implementation. Containerization allows for a more distributed agile application development process instead of having to spin up individual virtual machines (VMs) with operating system (OS) dependencies. Unfortunately, paying attention to security was not a top priority in this approach at first.
To get started using Docker, anyone who has access to a VM can install it to run in almost any OS environment. Multiple containers can run independently of the underlying OS on clusters of VMs. They can also scale up or down and are portable to other environments. This alluring flexibility lends itself to a more rapid, agile development practice.
At the same time, virtualized environments have become a lot easier to implement in public clouds on demand—some would argue that VMs are just as scalable as containerization with the right architecture and modular design. For more information about containerization and VMs, see Demystifying Containerization for the Enterprise.
Security and Containerization Challenge
Most enterprise customers are extremely concerned about security in production (as they should be), especially with containerization. By using a centrally managed hybrid cloud platform, they can create whatever level of security is required and be alerted when a security condition might be a potential threat.
Isolated VMs that end up having a security issue impact only those specific VMs, and in many cases can be addressed quickly. On the other hand, if the host VM for the containerized environment has a vulnerability, the entire set of containers sharing that host becomes vulnerable as well, with potentially far-reaching consequences.
Rugged DevOps and DevSecOps
To mitigate security issues for production deployments using a DevOps methodology, check out the security manifestos from these two organizations:
To summarize, Rugged DevOps implements security with a due diligence approach that must be incorporated into the DevOps process, whether manual or automated with a scripting approach, whereas DevSecOps requires security to be coded into the process—fully baked into the lifecycle of any containerization that is deployed in production.
Approaches for Containerization Security
Enterprise containerization requires that DevOps teams work closely with the security teams within the organization in order to agree on an approach that addresses the organization's risk exposure. There is definitely the possibility of a tradeoff between agility and a more secure environment at first. However, the most disciplined IT pros would argue that getting security right at the start will have a much greater impact on overall business value.
As enterprise containerization strategies have become more popular, you can bet that there is a value-added market for handling security, especially where it is difficult for some organizations to implement themselves. We can now add Containers-as-a-Service (CaaS) as yet another acronym to our long list of as-a-Service options. Most major cloud providers, including AWS, Microsoft Azure, Google Cloud Compute (GCP), and IBM, offer CaaS. With this approach, the responsibility for security is “bought” or “rented” from the cloud provider.
No matter how security is addressed for containerization, CloudBolt provides a way to manage all of it from a central platform, whether it is cooked into the DevOps teams' processes through Rugged DevOps or DevSecOps approaches, or whether it comes as part of a CaaS offering. We help standardize the self-service resources that developers and DevOps teams need with blueprints that can be configured to provide whatever level of security is required for enterprise hybrid cloud containerization.