Q
Manage Learn to apply best practices and optimize your operations.

Does a containers-as-a-service platform support governance?

The introduction of containers can certainly complicate governance, especially when working with microservices. Here's how a containers-as-a-service platform can help.

As was once said by Silicon Valley celebrity Marc Andreessen, "software is eating the world." In a similar way,...

containers are eating the world of software. Applications are moving from VM-heavy infrastructure to lightweight container-driven ones.

However, in the rush of this mass migration to container-based infrastructure, many IT operations teams have been left wondering how to structure governance for a completely new infrastructure stack. Luckily, a containers-as-a-service platform can help organizations acclimate themselves to this new kind of infrastructure.

How containers as a service can help

Once container images achieve wide use in an organization, it's important that high-impact issues related to security and governance are identified immediately. This should then trigger rebuilds of parts of the application that might be impacted or are vulnerable. This is where a containers-as-a-service platform can help implement governance at scale in a decentralized model and still keep it robust.

Containers demand a new approach to governance and security, and rather than build this model from the ground up, it may be better to go with a battle-tested platform that has governance baked into it at every level.

Many containers-as-a-service platforms are also designed for security. Running microservices applications in a container environment designed for security gives developers the convenience of using containers, while maintaining high levels of image quality and security. Rich Sharples, senior director of product management at Red Hat, commented that the company's containers-as-a-service platform, OpenShift Container Platform, "ensures some services can only be accessed through more secure means (using Transport Layer Security) and only from certain locations (domains, IP address ranges)." Containers demand a new approach to governance and security, and rather than build this model from the ground up, it may be better to go with a battle-tested platform that has governance baked into it at every level.

Enabling needed network security

Securing services at the network layer is extremely important. This is typically done through policy-based network security. In this method, services access resources from the system, and other services take only as much as they need and no more -- a practice that is in line with the principle of least privilege. Tools like Project Calico are enabling this kind of network security and are ushering in a modern service mesh that is secure at scale.

Security goes from being a single peripheral firewall to a collection of small, secure services. It's a lot easier to secure these small services, and the attack surface is reduced because each service is isolated from the others. Even if one service is compromised, the other services are theoretically safe. This is not the case in a traditional monolithic application, where the entire application is compromised once the peripheral firewall is cracked.

This is another area where a containers-as-a-service platform can help, because a great thing about the container tooling available today is that the tools are well-integrated with each other. For example, the OpenShift platform provides a managed service for Kubernetes with built-in security features, as well as full support for tools like Project Calico.

Next Steps

Access our developer guide to container and microservices deployment

Learn why microservices and containers are complicating cloud-native security

Discover how to brace your infrastructure for the introduction of microservices

This was last published in September 2017

Dig Deeper on Holistic governance, risk and compliance (GRC)

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What are your thoughts on the effectiveness of a containers-as-a-service platform?
Cancel

-ADS BY GOOGLE

SearchSoftwareQuality

SearchCloudApplications

SearchAWS

TheServerSide.com

SearchWinDevelopment

DevOpsAgenda

Close