Enterprise confidence in containers continues to accelerate – not just in terms of the number of businesses now running containerized applications, but also in how many of those deployments span the entire application lifecycle. A recent survey by Market Cube finds that 87% of IT professionals are utilizing containers, and 90% of those are using them in production environments. At the same time, the past year has seen the number of IT teams with more than 40% of their applications running in containers double in size.
This marked increase in container adoption is a clear sign of a maturing and proven technology that enterprises and developers now have full confidence in leveraging. The emergence of Kubernetes as the ubiquitous option for container orchestration has further spurred container strategy by simplifying decision making and reducing risk. In this way, the container ecosystem now greatly assuages fears of vendor lock-in, while offering increasingly easier and more robust choices for addressing complementary requirements such as storage and security. Naturally, the strength of the containerization opportunity has also done plenty to promote trends toward cloud migration and container deployments within multi-cloud or hybrid cloud environments.
Yet while widespread container adoption now delivers well-demonstrated benefits for countless enterprises, it has also made containers and orchestration systems much, much more inviting targets for attack. Looking forward at shifts that are influencing (or ought to influence) enterprise container security strategy, I’ve identified the following five trends that I believe need to be at the top of the agenda in any enterprise container discussion:
1. Container security is shifting “left” to the beginning of development, and “right” to protect production environments.
Until very recently, it was common to see enterprises begin application development using unsecured containerized environments, and only attach container security capabilities at some point in the middle of that process. However, this practice leaves defenseless applications exposed to zero-day attacks, insider attacks, and plenty of other vulnerabilities. Enterprises are now recognizing the importance of shifting their container security “left” to defend environments even before development begins. At the same time, organizations are more aware of their container security risks as they push their containerized applications into production. Enterprises, as a trend, are also shifting “right” to fully protect those more vulnerable environments – as well as their orchestration platforms – throughout the full application lifecycle.
2. Container-focused attacks are indeed increasing.
The rise in container adoption has caused attackers to see no shortage of value in making their own investments in the space. As a result, container deployments and Kubernetes itself have suffered a string of newly discovered and leveraged vulnerabilities. Make no mistake about it: this is the new normal. Recent high-profile examples include the takeover of Kubernetes deployments within Tesla’s own public cloud in order to launch containers performing cryptomining, the infiltration of the Docker Hub public repository to make it a repository for malicious containers, and the cryptojacking worm that exploited Docker Engine deployments. As this trend continues, there’s little doubt that similar attacks will only become more sophisticated and more commonplace, a fact that enterprises should be aware of as they plan and allot resources to container security.
3. Enterprises are building security mesh atop service mesh to defeat attacks.
With attackers aggressively assailing containerized environments and orchestration solutions while employing ever more capable techniques for exploiting vulnerabilities, enterprises are acknowledging and acting on their need to implement brand new approaches themselves. Many are now thinking outside the traditional network and host security box by adding safeguards on top of a service mesh. By leveraging that architecture to enable a new layer of defenses in the form of a security mesh, enterprises are raising application-aware protections that feature the intelligent and automated security responses needed to repel sophisticated container API and Kubernetes exploits.
4. DevOps teams are declaring security policies in code.
Container security techniques are also advancing along the “policy as code” front, with enterprise DevOps teams making deft use of Kubernetes ConfigMaps, Custom Resource Definitions (CRDs), and other tools to automate security solutions, rules and configurations as a part of their CI/CD pipelines. In this way, DevOps teams can use standard YAML files to declare security policies based on analysis of application behavior – adding valuable automation and efficiency to the work of integrating obligatory security measures. At the same time, these same tools and techniques are available for traditional security teams to use in implementing cloud-native global security policies in their container environments.
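As an added example of “policy as code” (not from the original post or any vendor product), the following Kubernetes NetworkPolicy manifests declare in plain YAML the network behavior a hypothetical web tier is allowed to exhibit, so the rules can be versioned and applied from a CI/CD pipeline like any other manifest. The shop namespace, the app labels, the ingress-nginx and kube-system namespace names, and the ports are all assumptions chosen for illustration.

```yaml
# Added example, not from the original post; names, labels, namespace and ports are assumptions.
# A CI/CD job applies it alongside the app manifests: kubectl apply -f network-policy.yaml
# 1. Default deny for the "shop" namespace: no traffic unless a later policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: shop
spec:
  podSelector: {}          # empty selector = every pod in the namespace
  policyTypes:
    - Ingress
    - Egress
---
# 2. Allow only the web tier's observed behavior: 8080 in from the ingress controller,
#    5432 out to the database, and 53/UDP out to cluster DNS (omit DNS and the app breaks).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-observed-behavior
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - protocol: TCP
          port: 8080
  egress:
    - to:
        - podSelector:
            matchLabels:
              app: db
      ports:
        - protocol: TCP
          port: 5432
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
```

Enforcement depends on a CNI plugin that implements NetworkPolicy, and the namespaceSelector matches rely on the kubernetes.io/metadata.name label that Kubernetes 1.21 and later sets on every namespace.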
5. Cloud 2.0 is arriving, accelerated by containers.
The road to Cloud 2.0 is undoubtedly being paved by container technologies, as enterprises recognize opportunities to go well beyond VM-centric cloud infrastructures by adopting more data- and services-focused solutions. From containerization, to the aforementioned service and security meshes, to serverless, to cross-cluster and hyperscale management, enterprises are swiftly embracing advanced technologies that transform their cloud capabilities. The incentives are clear, as enterprises can meet their IT (and business) goals more dynamically and adeptly by using cloud-native tools to provide functionality such as networking, storage, and especially security.
By staying on top of trends and steering strategies to capitalize on emerging container security solutions and practices, enterprises can keep one technological step ahead in their cat-and-mouse game with attackers, while ensuring their businesses benefit from the myriad advantages that containers continue to deliver.
To learn more about containerized infrastructure and cloud native technologies, consider coming to KubeCon + CloudNativeCon NA, November 18-21 in San Diego.