Posted by Charlie Klein on December 19, 2017
Organizations today work in a continuous delivery environment, requiring speed and agility in deployment and the ability to monitor applications once deployed. These requirements are accelerating the adoption of containers in the production environment. In October, DockerCon Europe revealed that 24 billion containers have been downloaded. Not surprisingly, there’s been a corresponding 77,000% growth in Docker job listings.
As application development teams are pressured to deliver software faster than ever, container adoption offers clear advantages. A Forrester study found that 66% of organizations who adopted containers experienced accelerated developer efficiency, while 75% of companies achieved a moderate to significant increase in application deployment speed.
As the saying goes, time is money. As development and operations teams deliver software without the hassle of constantly reconfiguring infrastructure, they save time and cut costs. In a different study, Forrester discovered that organizations saved upward of 70% on dev/test costs after container adoption, and 40% on production costs, while operating on 80% fewer servers. Similarly, case studies revealed that organizations that adopted containers experienced average cost savings of 50% in the production environment. Since containers do not require hypervisors, many of these savings come from a reduction in hypervisor licensing costs.
With a far smaller computing footprint, containers are simple and nimble—eliminating the need for IT operations and DevOps teams to worry about underlying architecture when they deploy applications. As a result of their simplicity, 73% of companies who use containers indicate a more consistent deployment process. The most common sentiment toward containers in this survey indicated that they play a key role in organizations’ DevOps strategy, likely due to the ability to deploy consistently and with agility.
It takes some operational know-how to leverage containers in production. “Although there is growing interest and rapid adoption of containers, running them in production requires a steep learning curve due to technology immaturity and lack of operational know-how,” says Gartner’s vice president of research Arun Chandrasekaran. While many container users are familiarizing themselves with the technology in development and testing environments, others have begun containerizing production on a broad scale. 451 Research, Forrester, and Cloud Native Computing Foundation found that 50%–70% of container users have begun leveraging containers to deploy applications in production.
These companies seem to be enjoying the benefits: Forrester reports that “sixty-three percent of organizations using containers have over 100 deployed, and 82% expect to have more than 100 containers deployed within the next two years.” Containers are being used in many different applications as well. Forrester found that respondents have “165 different containerized applications, a number that they project will rise by 80% in the next two years.” The Cloud Native Computing Foundation noted that there has been a 200% increase in organizations who deploy over 250 containers since 2016.
When containers are deployed at such scales, container orchestrators are necessary to run, terminate, update, and redeploy containers. Google Trends shows that searches for “container orchestration” have increased dramatically over the last three years, indicating a growing interest in container management. Orchestrators such as Kubernetes, Google Kubernetes Engine (GKE), and Red Hat’s OpenShift have been gaining traction in the container management market, according to a study by the Cloud Native Computing Foundation.
Despite the potential gains offered by containers and the recent enthusiasm to adopt them, some enterprises remain hesitant to make changes to their production environment.
Security is frequently mentioned as the top concern for moving to containers. Enterprises need to be confident that their base images are secure before trusting sensitive data in containerized applications. Surveys conducted by Forrester Research, the Cloud Native Computing Foundation, and 451 Research revealed that 35%–45% of participants reported security as a primary concern regarding containerizing production environments—making it the most common concern affecting container adoption. Participants in Aqua Security’s survey indicate that 80% of container users believe they can improve their approach to container security. More specifically, 53% of participants in the same survey said detecting vulnerabilities in container images was a top concern.
In an attempt to mitigate these concerns, Forrester discovered that 43% of organizations conducted regular audits of their containers. Similarly, 54% of the same survey participants ran containers on top of hypervisors to keep them isolated from each other, limiting the impact of a compromise to a single container. These precautions trade efficiency for security, undermining the advantages of using containers in the first place.
Other organizations have turned to container orchestration tools, such as Kubernetes, Docker Swarm, or Red Hat’s OpenShift, to address container security management. Chandrasekaran at Gartner says it is “important to deploy a packaged tool that can provide container and service-level monitoring, as well as linking container monitoring tools to the container orchestrators to pull in metrics on other components for better visualizations and analytics.” This approach to container security allows production teams to monitor the code and software dependencies within each base image without sacrificing efficiency. By baking container security into production environments via orchestration tools, organizations can continuously monitor their containers for new vulnerabilities and prevent vulnerable containers from being deployed.
While containers are not yet the de facto practice for application deployment, the efficiency and agility provided by containerized applications are leading to market acceptance. As Cloud Foundry suggests in its study, the conversation surrounding containerization is shifting from “why containers?” to “how containers?” In other words, the benefits of continuous delivery and containers are clear, but harnessing their capabilities in a secure manner is the next hurdle to overcome before containers go mainstream.
According to the National Institute of Standards and Technology (NIST), there are steps organizations can take to limit the security risks associated with containers without sacrificing their efficiency. NIST recommends IT operations teams integrate an automated security solution with their container orchestrator to scan and monitor images at scale. Looking ahead, organizations that use container-native solutions to set and enforce policies to prevent vulnerable images from being deployed will be best positioned to overcome the security barriers to container adoption.