Since the introduction of containers, DevOps teams have pursued their benefits: speed, agility, and portability. That promise is what businesses were counting on to accelerate their transformation into digital businesses. Or so we thought. Although container adoption has increased from 35% to 49%, only 20% of companies have deployed containers in production. Why?
Depending on which report you read, either management or security tops the list of container challenges. With Red Hat OpenShift, there is a clear path to addressing the management challenges. Security concerns (and, usually further behind, governance concerns) are still slowing down container adoption in production. What is the best path forward to address them?
There are three primary approaches to securing containers:
- Kernel Plugins – Kernel modules that observe container processes from inside the kernel. This approach requires root access to the underlying host to load the module, ties the agent to the host's kernel version, and means a bug in the module runs with kernel privileges.
- Privileged Containers – Agent containers running in privileged mode (typically also sharing the host's PID namespace) that monitor all of the other containers on the host. This approach also requires root-level privileges on the underlying host, and such a container is effectively root on the host if it is compromised.
- Container Native – Security embedded within each container to monitor and protect that container. This approach does not require root access or privileges on the host, as it runs within the container's own boundaries; the trade-off is that the agent shares the container's fate and sees only that container.
But which approach actually solves the security challenges without eroding the benefits of containers, specifically speed, agility, and portability? Can one of them resolve the security challenges once and for all?
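The practical way to tell these three approaches apart on a cluster is to look at what host privileges a pod spec asks for. The following is an added example, not code from Layered Insight or Red Hat: it audits a Kubernetes/OpenShift pod spec (as the JSON `kubectl get pod -o json` returns, here constructed inline as Python dicts) for host-root requirements and classifies it into the three approaches above. The classification thresholds are a heuristic assumption: a pod that loads kernel modules needs `CAP_SYS_MODULE` or the host's module tree, a privileged agent needs privileged mode, a host namespace, or a hostPath mount, and a container-native agent needs none of these.

```python
"""Audit a pod spec for host-root requirements and classify the monitoring approach.

Added example (not Layered Insight or Red Hat code). The three sample
pod specs below are constructed for illustration.
"""

# Linux capabilities that amount to root on the host once granted (assumption:
# a practical shortlist, not the exhaustive set of dangerous capabilities).
HOST_ROOT_CAPS = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO", "NET_ADMIN"}


def host_root_requirements(pod_spec):
    """Return a sorted list of host-level privileges the pod spec requests."""
    findings = set()
    # Host namespaces let a container see or affect every process/socket on the node.
    for key in ("hostPID", "hostNetwork", "hostIPC"):
        if pod_spec.get(key):
            findings.add(key)
    # hostPath volumes expose node files (e.g. the container engine socket or /lib/modules).
    for vol in pod_spec.get("volumes", []):
        if "hostPath" in vol:
            findings.add("hostPath:" + vol["hostPath"].get("path", ""))
    # Privileged mode and added capabilities are per container.
    for c in pod_spec.get("containers", []) + pod_spec.get("initContainers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.add("privileged")
        for cap in sc.get("capabilities", {}).get("add", []):
            cap = cap.upper()
            if cap.startswith("CAP_"):
                cap = cap[4:]
            if cap in HOST_ROOT_CAPS:
                findings.add("cap:" + cap)
    return sorted(findings)


def classify_approach(pod_spec):
    """Map host-root findings onto the three approaches (heuristic assumption)."""
    findings = host_root_requirements(pod_spec)
    if "cap:SYS_MODULE" in findings or any(f.startswith("hostPath:/lib/modules") for f in findings):
        return "kernel plugin"
    if findings:
        return "privileged container"
    return "container native"


# Constructed sample: a DaemonSet-style agent that loads a kernel module.
KERNEL_AGENT = {
    "hostPID": True,
    "volumes": [{"name": "modules", "hostPath": {"path": "/lib/modules"}}],
    "containers": [{
        "name": "kmod-agent",
        "image": "example.invalid/kmod-agent",
        "securityContext": {"capabilities": {"add": ["SYS_MODULE"]}},
    }],
}

# Constructed sample: a privileged agent watching every container via the engine socket.
PRIVILEGED_AGENT = {
    "hostPID": True,
    "volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}],
    "containers": [{
        "name": "node-agent",
        "image": "example.invalid/node-agent",
        "securityContext": {"privileged": True},
    }],
}

# Constructed sample: an application with a container-native agent alongside it,
# sharing only an emptyDir and running as non-root with no added capabilities.
NATIVE_SIDECAR = {
    "volumes": [{"name": "shared", "emptyDir": {}}],
    "containers": [
        {"name": "app", "image": "example.invalid/app",
         "securityContext": {"runAsNonRoot": True}},
        {"name": "in-container-agent", "image": "example.invalid/agent",
         "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False}},
    ],
}


if __name__ == "__main__":
    for name, spec in (("kernel agent", KERNEL_AGENT),
                       ("privileged agent", PRIVILEGED_AGENT),
                       ("native sidecar", NATIVE_SIDECAR)):
        print(f"{name:18} -> {classify_approach(spec):20} {host_root_requirements(spec)}")
```

On OpenShift this distinction is enforced by Security Context Constraints: the default `restricted` SCC rejects privileged containers, host namespaces, and hostPath volumes, so the first two approaches only deploy after an administrator grants a more permissive SCC, while a spec that reports no findings runs under the default policy.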
Embedding Security Within The Container Runtime
The ultimate solution is embedding security within the container runtime. By making security part of the container runtime, organizations can accelerate the deployment of containers in production by removing the friction that security adds. This does not mean the container engine also has to be the security engine. By monitoring application, system, network, and file activity from within the running container, Red Hat OpenShift can make this data available to its partner ecosystem to build premium security solutions independently of the infrastructure. This approach provides the best of both worlds:
- Red Hat OpenShift provides a complete platform for containers, including security monitoring and protection
- Security partners leverage Red Hat OpenShift to build fully integrated security solutions, including containers
Extending Red Hat OpenShift
Using the industry's first embedded security approach, Layered Insight is in a unique position to extend the capabilities of Red Hat OpenShift beyond OpenShift Origin. Layered Insight's solutions map natively onto OpenShift's platform:
- Build Automation – Layered Assessment identifies vulnerabilities within the container image as part of the build process.
- Deployment Automation – Layered Compliance validates and enforces policies for the container image prior to deployment.
- Container Visibility – Layered Witness continuously monitors and records all application activities from within each individual container.
- Container Protection – Layered Control enforces container behavior to protect each container, using the vulnerability and behavior baseline information provided by Layered Assessment and Layered Witness respectively.
The Benefits of Layered Insight and OpenShift
There are also tangible, bottom-line benefits in this joint solution, including:
- Ship Faster – Automated, secure software supply chain to ship applications faster.
- Deploy Anywhere – Security within the container runtime allows you to deploy anywhere – private, public, hybrid or heterogeneous cloud without friction, while enforcing the same security and compliance policies required to protect your applications.
- Operate With Confidence – Full security visibility and control within the container runtime allows you to run your applications anywhere with confidence.