Organisations hesitant to adopt containers are often wary of the challenges of securing containers in production.
Containers are popular among organisations transforming their IT operations from physical, single-tenant computing resources to a more efficient service provider infrastructure model. The container framework popularised by Docker simplifies and accelerates application deployment by packaging operating system components, applications, and all dependencies into layers within what’s known as a container image.
A primary goal of any organisation adopting a new technology should be a reduction in security risk. Organisations hesitant to adopt containers are often wary of the challenges of securing containers in production. For their many benefits, containers also represent a new layer in the application stack, which requires a new way of thinking about application security. In its Application Container Security Guide, NIST points out that as containers revolutionise application deployment, organisations must adapt their security strategies to new, dynamic production environments.