Containers are on the rise. As reported by GlobalNewswire, Allied Market Research estimated that the application market would grow from its 2016 value of $698 million to $8.20 by 2025. With a compound annual growth rate of 31.8% between 2018 and 2025, this increase would largely reflect both the surge in popularity in application container technology along with a growing number of organizations’ migration to the cloud.

Not all is rosy with application containers, however. Indeed, Allied Market Research found that security risks held back the growth of the application container market to a certain extent. Such risks aren’t going anywhere anytime soon, either. As a result, organizations that are looking to incorporate containers into their environment need to be aware of these security risks.

DevOps Connect:DevSecOps @ RSAC 2022

This blog post will discuss five of those dangers in particular: enabling microservices, reliance on insecure base images, incomplete container visibility, unrestricted container communication and insecure container configurations.

Enable Microservices

CIO explains that containers are a type of technology that consist of an entire runtime environment including binaries, libraries and other components. By design, containers render differences in OS distributions irrelevant. They therefore make it easy for DevOps team members to allocate resources and share code.

Like containers, microservices are useful. But they’re primarily advantageous to developers. Gravitational traces this benefit to the fact that microservices abide by a software design that’s geared towards completing smaller tasks. As such, microservices make it easy for development teams to deploy code without interrupting other team members and scaling their services.

While independent, containers and microservices are closely related. Containers help to enable microservices in that they make it easier to break down tasks into smaller elements and share those portions with other team members. The problem is that microservices create security risks for organizations. (Read more...)