Microservices are a fast-emerging application platform. It is the architecture that will serve as the basis for many applications over the next 10 years. These are not wild claims; there are good reasons for them. The advantages associated with microservices, such as their support for agile development and artifacts, and an architecture that enables businesses to quickly develop and roll out new digital offerings, make it the obvious choice.
Moving to a new application architecture means making a few changes. These changes are needed in existing practices and in many of the surrounding capabilities needed to operate a microservices-based application. These include things such as monitoring, moving state off of the execution environment, and so on. However, the biggest unanswered question is: what execution environment should your microservices applications use? In other words, in what kind of environment should they run?
Container adoption is increasing rapidly
Organizations are rapidly adopting containers in production environments, often in both on-premises and public cloud environments (frequently in multiple clouds). Therefore, there should be uniform security for their cloud-native assets. Since most organizations expect DevOps or DevSecOps teams to run container security platforms, the security tooling must help bridge security and DevOps by shifting security to the left and seamlessly protecting containers across the entire lifecycle.
According to a recent Forbes article, container adoption is rapidly growing in the enterprise, even faster than expected. A new Gartner report states the same: “by 2023, more than 70% of global organizations will be running more than two containerized applications in production, up from less than 20% in 2019.”
Forrester Research has now presented a report that defines a set of best practices for container security. Sandy Carielli, a principal analyst for Forrester Research, says that another 25% of the respondents said that they either want to or plan to adopt containers this year. Now, it is just a matter of time before container security starts posing challenges.
IT organizations are moving toward a model where some members of the development team become cybersecurity champions. Security policies are still defined by the cybersecurity team, but their implementation is left to the development team.
The challenge is providing development teams with the tools required to implement these policies. Many organizations are now adopting technologies such as Integrated Development Environments (IDEs) that can automatically identify instances of insecure code. At the same time, container security scanning tools are being integrated with Continuous Integration/Continuous Delivery (CI/CD) platforms to identify any potential runtime security issues before containers are deployed in a production environment. Collectively, these tools lay the foundation for a set of DevSecOps best practices that will redefine the sometimes contentious relationship between developers and cybersecurity professionals.
Container security issues have not reached the point where they have become an IT crisis. However, it is clear that there is a greater sense of urgency now. Developers are adopting containers at a faster rate to build microservices-based applications that are not only faster but also run at higher levels of scale and more cost-effectively.