March 1, 2024

Last Updated on April 16, 2024

In the ongoing effort to connect DevOps with traditional security and compliance, containers loom large. How do you secure them at speed and scale?

First you need to understand what they are, what’s in them, and why they became the foundation of modern software architectures.


What is a container?

Think of containers as the evolution of virtualization.

Virtualization lets you run multiple virtual machines (VMs) on one physical computer. Containerization takes that up a level in terms of abstraction and separation.

Containers let you run multiple applications in isolated virtual units within a VM, sharing the same operating system. These smaller units are easier to deploy and manage than VMs.

Another way to view it is that VMs abstract physical hardware, while containers abstract operating systems.


What does a container contain?

A container is basically a packaged image or a packaged set of libraries and code that can run on a shared operating system together with other containers. Simplistically, every container contains an application.

What’s not inside a container? There is no kernel; that resides on the VM that runs the containers. There is no network stack or firewall inside the container either, as those also run on the VM.
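The packaging described above, as an added Dockerfile example that is not part of the original post: it assumes a hypothetical Python service made up of `app.py` and `requirements.txt`, and it shows what ends up inside the image (a user-space base layer, libraries, application code) and what does not (the kernel, the network stack, the firewall), plus the non-root user a practitioner would add because the kernel is shared with every other container on the VM.

```dockerfile
# Added example (not from the original post): a minimal image definition
# for a hypothetical Python service, showing what is packaged into a
# container and what is not.

# Base layer: user-space OS files (libc, shell, package manager) only.
# No kernel ships here; at runtime the container uses the host/VM kernel.
FROM python:3.12-slim

# Application dependencies become part of the image, pinned in
# requirements.txt (an assumed file belonging to the hypothetical service).
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# The application code itself (assumed file).
COPY app.py .

# Run as an unprivileged user: the kernel is shared with every other
# container on the VM, so a process running as root inside the container
# has a larger blast radius if it is compromised.
RUN useradd --system --uid 10001 --no-create-home appuser
USER appuser

# Networking is not defined here; EXPOSE only documents the port the
# application listens on. The network stack and firewall live on the host/VM.
EXPOSE 8080

CMD ["python", "app.py"]
```

Building this with `docker build -t example-service .` produces an image that bundles the application and its libraries; which kernel it runs on, and which firewall rules govern its traffic, are decided entirely by the VM or host it is scheduled onto.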


Why do developers love containers?

A big advantage of containers is that they let developers focus only on the application without worrying about the rest of the infrastructure.

This makes possible a major change in software architecture. With containers, each application or component your team is coding can be worked on independently. Once up and running, they can communicate with other applications and workloads over the network via consistent protocols.

This independence naturally spawns smaller application units—now called microservices. The overwhelming benefit of microservices is greater development velocity.

Why? Because it’s easier to make progress on containerized microservices given fewer dependencies and gating factors between teams. If one component fails, it doesn’t mean the entire application fails. The bigger the development organization, the bigger this advantage can become, and the faster software delivery can scale.

As smaller computing units, containerized microservices also utilize compute resources more efficiently. You can spin up more instances of only the microservices you need within a single VM, rather than proliferating multiple instances of a bigger application, each in a separate VM.

But containers need not be ephemeral. They run the gamut from “serverless” services like AWS Lambda to more stateful instances that might spin up and down by the minute, the hour, or over longer periods. A container’s “lifespan” can be whatever it needs to be to meet business needs.


What’s next?

For more guidance on this topic, listen to Episode 133 of The Virtual CISO Podcast with guest Shauli Rozen, CEO and co-founder at ARMO.

OWASP ASVS Controls Checklist

Download Pivot Point Security OWASP ASVS Controls Checklist.