May 24, 2017

You already know how containers can help you do better DevOps. But have you thought about containers and DevSecOps? Here’s an overview of how containers promote DevSecOps.

DevSecOps is the extension of the DevOps mentality into the realm of IT security. Just as DevOps emphasizes constant collaboration between all members of the organization in delivering software, DevSecOps promotes coordination across the organization for securing systems and data.

DevSecOps reflects an effort to make security operations highly proactive, to maximize visibility into security-related issues and to ensure that security experts do not work within a silo, isolated from the developers and admins who manage other IT processes.

DevSecOps and Containers

Adopting containers is not the only way to do DevSecOps. But containers can help organizations implement DevSecOps in several ways.

Consider the following ways in which containers make it easier to do DevSecOps:

  • Containers help create a consistent environment for software development, testing and deployment. Environment consistency means fewer variables and fewer potential attack vectors—as well as easier communication between security experts and other parts of the team, since everyone is working with the same type of environment. Consistency is an essential ingredient for security, and containers help you achieve consistency.
  • Containers give you more control over software distribution. When your users install software using containers, it usually comes from a container registry. Most container registries provide access-control and binary-signature features that can help mitigate the risk of malicious code being pushed out to unsuspecting users.
  • Containers isolate applications. Running an application inside a container isn’t a complete guarantee that an attack against that application won’t escalate into an attack against other targets on the system. But in certain ways containers make privilege escalation harder. They also arguably make it easier to detect an intrusion once it has occurred.
  • Containers make it easier to limit attack surfaces. When your apps run as containers, you can minimize attack surfaces by disabling unnecessary services (SSH, for example) and limiting their exposure to public-facing networks. That makes it easier for all members of the team—developers, admins, security experts and everyone else—to design and run apps in ways that minimize potential security vulnerabilities.
  • Containers facilitate faster software updates. As a result, when an attack does occur, a patch can roll down your delivery chain and into production quickly.
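The attack-surface point above (no unneeded services such as SSH, no root by default) can be enforced at build time. The following is an added example, not code from the original post: a small Dockerfile checker that flags SSH installs, an exposed port 22 and images that never drop root. The rule names and both sample Dockerfiles are constructed for this example.

```python
"""Added example: lint a Dockerfile for the attack-surface points discussed above.
The service list, the rule wording and the sample Dockerfiles are assumptions
made for this example, not part of any real project."""
import re

# Services that a container image almost never needs; SSH is the one named above.
UNNEEDED_SERVICES = ("openssh-server", "sshd", "telnetd", "vsftpd")

def check_dockerfile(text: str) -> list[str]:
    """Return a list of findings for a Dockerfile given as a string."""
    findings = []
    # Join backslash-continued lines so a multi-line RUN is seen as one command.
    joined = re.sub(r"\\\s*\n", " ", text)
    lines = [line.strip() for line in joined.splitlines()]
    lines = [line for line in lines if line and not line.startswith("#")]
    user_set = False  # becomes True once a non-root USER instruction is seen
    for line in lines:
        instr, _, args = line.partition(" ")
        instr = instr.upper()
        if instr == "RUN":
            for svc in UNNEEDED_SERVICES:
                if re.search(rf"\b{re.escape(svc)}\b", args):
                    findings.append(f"installs unnecessary service: {svc}")
        elif instr == "EXPOSE":
            for port in args.split():
                if port.split("/")[0] == "22":
                    findings.append("exposes port 22 (SSH)")
        elif instr == "USER":
            user_set = args.strip() not in ("root", "0")  # last USER wins
    if not user_set:
        findings.append("runs as root (no USER instruction)")
    return findings

# Constructed sample: bakes sshd into the image, exposes it, never drops root.
WEAK = """FROM ubuntu:16.04
RUN apt-get update && apt-get install -y \\
    nginx openssh-server
EXPOSE 80 22
CMD ["nginx", "-g", "daemon off;"]
"""
# Constructed sample: one service, one port, unprivileged user.
HARDENED = """FROM nginx:1.13-alpine
USER nginx
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
"""

if __name__ == "__main__":
    for name, dockerfile in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, check_dockerfile(dockerfile) or "no findings")
```

Wired into the build step, a non-empty findings list is a natural place to fail the pipeline, which keeps the "limit attack surfaces" decision with the team rather than with a later security review.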

In short, there’s no rule that says you have to use containers if you want to do DevSecOps. But containers can be a big help if you’re seeking to make the jump into the mindset.

Christopher Tozzi

Christopher Tozzi has covered technology and business news for nearly a decade, specializing in open source, containers, big data, networking and security. He is currently Senior Editor and DevOps Analyst with Fixate.io and Sweetcode.io.