Containers: Security isn’t Keeping Pace with DevOps Rollouts

By Dick Weisinger

Container technologies, like Docker, have many advantages over VMs. They are considerably more lightweight and start up quickly. Depending on the physical server, container start times might be on the order of only 50 milliseconds, compared to 30 to 40 seconds for a VM. They are particularly well suited to building applications based on microservices.

Only 20 percent of organizations used containers in 2019, but Gartner forecasts that 70 percent of organizations will be using containers by 2023.

But containers may not be the right or best solution for everything. Like most things, one size doesn’t fit all. Kaya Ismail, writing on CMSWire, digs deeper into comparing containerized deployment with a more traditional monolithic one and notes some problems with containers.

  • Performance – Applications based on microservices see better performance with containers, but applications that do not use microservices do not. Containers with application code larger than several hundred megabytes may not see much gain.
  • Shared Infrastructure – Side-by-side deployments on the same shared OS kernel may also expose applications to vulnerabilities. Single-tenant architectures on bare metal offer the greatest protection.
  • Security – Containers are new and often not configured correctly to be secure. Misconfigurations can leave applications vulnerable to threats.

Security, in particular, is one area where Docker users easily get tripped up. Docker usage can be complicated and misconfiguration is common.

Sandy Carielli, principal analyst at Forrester, said that “the allure of containers is largely to the benefit of the DevOps side of the house. Security pros are brought in later and left with the sub-optimal task of applying existing tools and traditional security mindsets to secure containers — and discovering that those are ill-equipped to the task.”

Benoit Heynderickx, principal analyst at the Information Security Forum, told ComputerWeekly that: “the lightweight nature of containers removes the need for traditional IT infrastructure security controls such as a constant patching cycle and the extreme reliance on the firewall for protecting a network-based perimeter. But it brings new types of risks due to the rapid lifetime of containers, while adding increased networking complexities and placing emphasis on the need to apply secure design principles early on, such as secure coding practices. This is a paradigm shift from traditional security models and can only be addressed by deploying it in a phased and defined manner, focusing on specific groups of applications, such as the most sensitive ones for a start.”
