Is it possible to enjoy container agility and be secure?
In line with ever-changing demands on IT, containers are exploding in popularity and look set to become the preferred method for deploying applications.
It's not hard to see why as according to vArmour, containers provide a portable platform-agnostic way to package an application's configuration, code and dependencies that can both simplify and speed up application prototyping, development, deployment, and administration – more commonly known as continuous integration and continuous delivery (CI/CD).
vArmour Alliances Marketing and Communications director Preeta Raman says hardware or machines don't hold the same importance they once did, and are now just ‘mere commodities or resources' to transport businesses towards their technology goals.
“Instead, today we talk about applications and tools as business enablers: their development, management and security; cloud consumption economics; distributed platforms and integrated services. Today, the discussion is ultimately about simplicity, security, scalability, agility, and efficiency in this IT transformation,” says Raman.
“This wave of transformation is shining a beam on technologies like containers. Containers are economical, portable and convenient to develop with, and make a real impact to the bottom line in terms of resource management and utilisation.
There are several benefits to containers, including being able to crunch data center response times (due to not having to load up an operating system) when an application faces a sudden surge in activity, and more resources are needed immediately.
Perhaps the main driving force behind container adoption though is agility, as computing resources are able to be spun up and retired almost instantly.
However, in this agile container infrastructure, security is imperative.
“Container deployments have many factors in common with virtualised and cloud environments, which have long been a challenge to legacy security appliance controls,” says Raman.
“When moving from virtualised to container deployments, the density and dynamic nature of the environment increases by an order of magnitude, so the problem becomes more extreme as containers are instantiated in a matter of seconds and security needs to keep up.
Furthermore, the APIs and control plane is automated and virtualised systems introduce a tremendous amount of complexity and functionality in delivering the actual compute service, exposing a new attack surface.
And finally, there is no room to implement a plethora of security controls in the form of agents, meaning users must have adequate security within the container infrastructure independent of the actual container itself.
So is there a way to reap the benefits of the agile environments offered by containers while still remaining secure? Put simply, yes.
“vArmour makes container security simple and effective by joining the dots across IT operations - from development to infrastructure and security, using APIs and a common language. vArmour is able to translate the requirements of the business and application functionality into both the infrastructure configuration and security controls,” says Raman.
“vArmour has developed a method for consuming application context from container control planes and schedulers, such as Kubernetes and Mesos Marathon, and plugging them into flexible declarative policies. So you can pre-define application and business-centric policies of varying styles in ‘natural language' and then dynamically plug in containers as they are instantiated.
vArmour is represented by Katana Technologies, an IT security and risk-focused distributor servicing the New Zealand and ASEAN market with select and specialist partners.
Raman says vArmour has innovated with patents in multiple software security approaches, including in containers.
“vArmour's unique architecture, through our distributor Katana Technologies, allows us to wrap every asset in an environment with its own stateful, application-aware trust boundary which means it is possible to be really flexible in how you define your security policies,” Raman says.
“A tremendous benefit of vArmour's approach is that you can deploy the same set of security and policy controls across entire multi-cloud deployments (private cloud, legacy bare metal, virtualised environments, and public cloud) and we have extended those controls to container and PaaS environments.
The team at vArmour have toiled to make their platform as simple as possible, and now a business' entire multi-cloud can be protected using a single integrated system, without having to add agents or attempt to force-fit legacy controls like appliance-based firewalls into this increasingly dynamic distributed environment.
“With vArmour, the entire model is simple, secure and automated from end to end, and delivers a truly integrated and effective security stack for application porting across the multi-cloud,” says Raman.
“Container technology is leading us to a world where IT can be unshackled from local environmental and infrastructure-level dependencies, and security can be built in.
To see how simple vArmour makes securing your hybrid cloud, click here for a guided walk-through of their Application Controller product.