Application containerization is gaining traction given its potential to increase efficiencies and data security options, and decrease cost, according to new expert analyses from ISACA; but it also brings its own risks.
A pair of new ISACA white papers offer insights and guidance on containerization. ‘Understanding the Enterprise Advantages of Application Containerization: An Overview,’ provides a summary of the rising popularity of containers; and ‘Understanding the Enterprise Advantages of Application Containerization: Practitioner Considerations,’ offers practical guidance for assurance, governance and security professionals.
ISACA defines an application container as “a mechanism that is used to isolate applications from each other within the context of a running operating system instance.” Containers let data centers / centres deploy business applications more rapidly. Increased business agility, lower costs and more efficient use of resources are among the other factors sparking increased global adoption.
Containers execute application processes isolated from each other on the host operating system. This makes each application more ‘portable’ and allows more applications per physical device relative to operating system virtualization. The separation also can have security advantages, potentially allowing the applications to be more available for updates and security patches.
Isolating applications into containers instead of running them on the host operating system can bolster security. According to the ISACA guidance, practitioners can leverage containers to achieve several security benefits, including:
- Immutability of infrastructure;
- Application hardening;
- Streamlined patching;
- Automation of security controls.
While containers are capable of adding value, they also can introduce areas of risk. Interference with the isolation mechanism can impact the underlying operating system and other containers that are on the same host. Weighing business benefits from containerization against the risk requires practitioners to not only understand their organizations but also the enterprise threat context.
“Containerization technologies are changing the business and technical landscape within organizations. They represent an area of potential value and also of potential risk,” said Ed Moyle, ISACA’s director of thought leadership and research. “Practitioners seeking to understand the risk equation for their enterprises need to understand both sides of that equation. Doing this allows them to select the appropriate controls – and appropriately monitor their performance in an ongoing way – to ensure that their organizations stay protected and make best use of technology to satisfy the goals of their business and stakeholders.”Complimentary copies of both white papers can be downloaded at www.isaca.org/containerization