A proof of concept at Interop19 showed just how simple a container deployment can be.

Containers are a very big deal in enterprise computing right now. If your organization isn't already using them, then trends indicate it probably will soon. This application virtualization technology has had profound implications for some companies that have embraced DevOps, and there is plenty of potential for it to have a similar impact on security operations.

To understand why, it's good to start with an understanding of just what containers are. A modern application is a collection of pieces of code: the main application itself, configuration files, and custom files on which it depends. These tend to be unique to the application as it's configured to be deployed on a given server.

A container bundles all of these things up into an image that can be saved and deployed quickly, consistently, and automatically across multiple servers. If differences exist in the operating system details between the development and production servers, the container insulates the application from them, making application movement between development and operations very fast and straightforward.

So what are the implications for security in all of this? One is that containers can allow vulnerabilities to quickly propagate if developers trust that all code in an image has been properly reviewed and updated. Conversely, a more positive implication is that specific network and application configurations can be tested, saved as images, and then automatically deployed when an attack, malware, or other problem takes the network or application delivery system down.

Because container technology is still relatively new, many IT managers are reluctant to depend on it. They also worry about complexity. But fear not: At Interop19, the Network Orchestration Hands-on Showcase decided to do a proof of concept that showed just how simple a container deployment can be — and why containers can be important to even a smaller organization. The demonstration involved primary and secondary network links with monitoring and network control applications deployed on the simplest of servers — Raspberry Pis.

Here, we'll look at the individual components used in the showcase and how each could be used by a security team to replicate the work done at Interop. Most are software, a couple are languages (or language-like), and one is hardware. (To help those who are interested in replicating its experiment, the Interop Demonstration Lab team has placed all of its containers and support code on GitHub.)  

Is your organization using containers? Are you using them in your security infrastructure? Let us know in the Comments, below. 

(Image: Curtis Franklin, Jr. for Dark Reading)

About the Author(s)

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights