Successful Container Use: Points to Consider

Developing software is fraught with potential dangers. Bugs and errors often occur because code that was developed in one environment doesn’t always run exactly the same when it is deployed in another. A method that helps avert this danger is running software in containers in the cloud. Kubernetes, Docker and other containerization ecosystems are growing fast for this reason. In fact, the “2019 Container Adoption Survey” found 89.7% of the respondents use container technologies in production.

Benefits of Using Containers

Containers hold a great deal of promise, particularly in terms of increasing developer speed and efficiency across hybrid infrastructures. Containers typically are a collection of pieces of software and an environment that run together as a coherent system. Developers make these systems in the form of container images, test them and make sure they’re acceptable, then deploy them to large environments where the platform instantiates identical replicas from the image, ensuring it’s the same software running everywhere. Containerization enables repeatable deployments of identical software.

Containers don’t need as many resources as traditional virtual machine (VM) environments or hardware because they don’t include operating system images. With VMs, developers may need to buy more hardware because they reach capacity more quickly. Though workloads can certainly be placed in VMs, using containers is a superior approach because it has a better chance of success as cloud computing moves from simple to complex, distributed architectures.

Because they provide a consistent deployment environment that can be used at all stages of the delivery pipeline, containers make software delivery simpler and more predictable. Applications running in containers can be deployed easily to multiple, different platforms and cloud providers. Whether you’re building your software, testing your software or deploying software in production, you can use the same environment to host the software. They also can help enterprises modernize legacy applications and create new cloud-native applications that are both scalable and agile.

Security Concerns

Though containers have their benefits, they can’t do everything. They alleviate some concerns about how the differences between your development environment and your production environment will affect your application. But they aren’t totally immune to the types of bugs and errors that plague traditional software development.

The fact that flaws, outages and security incidents still occur is proof that testing tools don’t catch 100% of issues. In fact, a recent report by Snyk found that the top 10 most popular Docker images each contain at least 30 vulnerabilities. On top of that, if you install any container with an older version of an application, there’s a high likelihood that it will contain vulnerabilities. The adoption survey noted above found that security is the most difficult challenge to overcome when deploying containers.

Such security concerns pose risk for system outages and downtime that can cause significant economic and reputational impact. The Ponemon Institute “Cost of a Data Breach Study 2018” found that an hour of disruption can cost a small company $8,000, a medium company $74,000 and larger enterprises roughly $700,000. It’s been a challenge in IT managing the problems that emerge from mixed-and-matched software deployments, and that’s what containers solve. However, the issue is that if someone creates an exploit that works against one container, now there will be identical software running everywhere—and it’s going to work against all those containers.

A Different Way to Test

To help keep such potential issues at bay, a new approach is needed for testing besides just sticking applications in containers and running with them. QA teams need to make sure they test containerized apps under all of the circumstances that might be present in production. That’s because containers could behave differently due to variables ranging from system hardware to unexpected network traffic. And by testing in production, bugs are detected before they go live and threats are isolated before they have an impact.

Success With Containers

Containers are not a cure-all for developers, but they do have definite advantages for software applications and testing. They offer manageability and predictability, but they also present security risks that can’t be ignored. Using them effectively involves testing applications with production traffic so software can be released without bugs or vulnerabilities. This gives customers what they want while minimizing the potential for outages, extra costs and reputation damage.

Robert Ross

Robert Ross is the founder and CTO of Curtail Inc. Prior to Curtail, Ross served as CTO of Translattice, as a research scientist at McAfee and as a developer at eEye Digital Security. He also developed deception-based systems and high-speed network intrusion detection systems at Recourse Technologies, which was acquired by Symantec. He holds more than 15 patents in computer security, database and distributed systems technologies.

Robert Ross has 1 posts and counting. See all posts by Robert Ross