Technology innovation is often driven by two things: agility and mobility. We happily ditched rotary phones for cordless phones, and have ultimately embraced mobile phones because they have allowed us to be more agile and mobile.
IT itself is experiencing a similar evolution in the way we build and run apps. Fifteen years ago, virtualization was becoming mainstream and was embraced as a way to more quickly deploy new servers and apps and to separate them from physical hardware. Ten years later, cloud was becoming mainstream as a way to abstract those apps and infrastructure away from physical data centers and allow organizations to quickly and efficiently deploy and scale at provider scale. Today, DevOps and containerization are driving the evolution to cloud-native apps that stress close integration and automation between dev and deployment and provide further separation between the app and environment in which it runs. Technologies such as Docker and Kubernetes empower every organization with the kind of software tools that only recently existed at the most advanced planet-scale tech giants.
These cloud-native apps come at a time in which software is becoming more core to the operations of every organization. No longer is IT just a way to more effectively communicate and share files; it’s becoming core to organizations’ competitive advantage. Once software becomes a marketplace differentiator, it’s even more important for IT operations to embrace cloud-native tools such as containers that make it easier to respond to business needs through rapid iteration and continuous improvement.
In addition to the technology industry, which is inherently more familiar with containerization, these three industries are also demonstrating innovation in their use of containers.
Maintaining security is a key goal for any industry considering adopting a new technology—especially within the government. Because a security breach within an agency could have a negative impact on a national scale, technological innovation within federal government agencies has historically moved slower than in other industries. Yet despite this history, agencies are embracing containerization to make apps and services more agile and secure.
One example of containerization in government is a military command focused on protecting warfighters from IEDs and other improvised threats. This agency uses containers to more quickly build and iterate on apps that help model the effects of these weapons and design systems to defeat them. Because adversaries are always evolving their tactics, the kinds of simulations and scenarios the organization needs to model and understand is also constantly changing. Containers allow its dev teams to focus on the apps themselves and have strong consistency from the build process, to QA, to production, reducing the time it takes to update its apps to handle new physical world threats. Prior to using containers, the organization had to spend significant time and resources on managing and debugging underlying infrastructure; containers abstract the infrastructure from the app much more cleanly and allow them to focus more time on delivering value in the app rather than debugging setup and deployment problems.
While containers are a relatively new technology, many other government agencies are actively using them to improve mission services and deliver government more efficiently. For example, some of our other government customers use containers in big data scenarios for public health research, others in apps to detect fraud in mortgage lending, and others to make immigration processes safer and more efficient. The wide usage of containers across the federal government led NIST to create Special Publication 800-190, the Container Security Guide, to help agencies and the public understand best practices for running containers securely.
Healthcare providers and the various companies that work with them have a lot to consider when evolving their development processes. How do they keep patient information secure while still allowing developers to build websites and tools that can keep up with expectations for accessibility and ease of use? Healthcare IT often has two key goals: improving patient outcomes and lowering delivery costs. Containers are valuable tools in helping to achieve both of these simultaneously because they facilitate getting app improvements to market more quickly and efficiently.
One of the largest health insurance companies in the United States uses containers to run the back end of its consumer-facing e-health platform. This platform enables its customers to track claims, manage prescriptions and view their medical history from any browser and from their mobile apps. The company has more than 25,000 images in its environment and has decomposed its applications into a collection of microservices that can be more easily iterated upon, deployed and scaled. Containers allow the company to focus on making many small improvements quickly, rather than maintaining large monolithic apps that are difficult, expensive and risky to change. The portability of containers also enables the company to have great flexibility in where it runs its apps across a combination of public and private clouds, depending on business needs and security requirements. Rather than being tied tightly to specific infrastructure, containers enable the company to deploy and run exactly the same app on its dev workstations, in its public cloud QA environment and in its production private cloud.
Some of our other healthcare customers use containers for other scenarios. For example, one of the largest medical research universities uses containers to track and analyze data from trials of new therapies. In another case, a top-tier medical device manufacturer uses containers to provide back-end analytics and proactive maintenance services for CT scan systems. In a final example, a managed service provider specifically focused on delivering HIPAA compliance in public clouds uses containers to help providers lower costs by transitioning apps from high-cost self-managed data centers to public cloud providers. In each of these use cases, containers are enabling better agility and lower costs by providing greater separation of apps from infrastructure and ensuring consistency across operating environments.
Banks and credit card providers handle and process sensitive, high-value information as their core business. At the same time, few industries have seen the degree of technical disruption and heightened customer expectations that financial services has. This sector is simultaneously subjected to cyberattacks of ever-increasing sophistication, while also being pushed by customers to make personal banking more mobile and connected. To meet these needs, financial services organizations need to build apps that are architecturally transparent—in which there is an implicit and clear understanding of the components and their boundaries—so that they can be secured and scaled. Containers have some fundamental characteristics that make this possible. Their minimalistic and declarative nature make them more transparent from a security standpoint and, when combined with orchestration platforms, make it easy to dynamically scale apps as customer needs increase.
One of the largest global financial services firms runs an internal container-as-a-service (CaaS) platform that provides a centrally managed, secured environment for multiple business units to share and run a diverse variety of apps. For example, this CaaS platform hosts apps related to bond trading, derivatives and retail banking. The isolation that containers provide allows for more efficient usage of resources, and the firm uses a zoning approach to group together containers of similar sensitivity levels on to specific hosts. This firm has closely integrated its upstream development process with the platform, allowing developers to easily start a highly automated QA, security evaluation and deployment process onto the CaaS platform as they improve the apps. Containers enable a high degree of consistency across environments and are broadly extensible, leading to automation of the deployment workflow.
We’ve seen other financial services companies using containers in innovative ways as well. For example, one uses containers to support a free credit score monitoring app that helps match customers with credit card offers aligned with their needs. Because the app is directly consumer-facing, rapid iteration of the user experience is a key part of its approach, and containers help the company deliver updates more rapidly. In another case, a large wealth management firm uses containers to run an app that helps its clients plan for retirement.
As the usage of the app within its client base grew, the company had access to more data inputs and a containerized microservices architecture helped it scale the service to ingest and use these new data sources to enrich its planning results. Finally, another customer is a leading credit card provider that uses containers’ help to surround existing legacy apps with new front-end services, helping it integrate sometimes decades-old core technologies with modern mobile apps. Because containers enable iterative development processes, the company can add individual pieces of functionality to its existing base without the risk and cost associated with a wholesale platform migration.
Containers are the kind of once-per-decade disruptive technology we’ve seen before with virtualization and cloud. Because they enable better agility and more rapid innovation in software, they’re less of a vertical specific technology than a fundamental shift in the way organizations of all sizes and across all industries are building and running their apps. Their usage in government, health care and financial services—industries not often considered to be early stage technology adopters—shows their broad benefit and utility. As “software eats the world” and “every company becomes a software company,” containers are a key technical innovation underpinning this transition.
About the Author / John Morello
John Morello is the Chief Technology Officer at Twistlock. As CTO, John leads the work with strategic customers and partners and drives the product roadmap. Prior to Twistlock, John was the CISO of Albemarle, a Fortune 500 global chemical company. Before that, John spent 14 years at Microsoft, in both Microsoft Consulting Services and product teams. He ran feature teams that shipped security technologies in Windows, Azure, and Office 365 and served as the Lead Architect of the hybrid cloud consulting team for the Americas. Connect with him on LinkedIn and Twitter.