2) Thanks to the endless parade of mega breaches, security is now a C-level concern: DevOps has not been the only cultural change agent in to impact corporate cyber security. If the tech world has learned anything from the endless parade of mega breaches, it's that baking security into IT is not just a cool slogan - it makes good business sense. Compared to their predecessors, container platform providers are admirably security conscious (as they should be), but the market for containers is still in its early stages. With organizations such as Goldman Sachs and BNY Mellon publicly stating that they are "doubling down" on containers, security is no longer an afterthought. Which leads to the most critical factor in the equation ...
3) Container security requirements are being identified and addressed prior to mainstream adoption: With security teams being part of the vetting process for container adoption, security considerations are being raised before containers become mainstream. However, most security professionals have no idea what containers even are, let alone what the security implications of deploying them are. In addition to their unique security issues, the brief history of cyber security has shown us that whenever a new technology is introduced, exploits that abuse it are never far behind.
As security-conscious as Docker and other container platform vendors are, they can't control or foresee how their customers will utilize containers. In a few blinks of an eye, companies will be following Goldman Sachs and BNY Mellon's lead. Any organization evaluating a container-based strategy needs to make sure security is brought in early.
For now, we are still a few steps ahead of the security problem, but security teams have their work cut out for them. They need to familiarize themselves with container technology, and consider container security issues in context of the enterprise applications they're using containers to build.
It's a tall order, but integrating container security into the equation early is what gives containers the potential to become the poster child for top-notch application security.
If organizations leverage this window to integrate security into the fabric of how container-based applications are built and managed, it provides a rare opportunity to get security right.
Let's not screw it up!
This story, "3 ways to improve security as you embrace containers" was originally published by Network World.
Sign up for Computerworld eNewsletters.