Strengthening Container security Initiatives
While the new world of IT offers a radically new way for businesses to innovate, it brings a replacement set of vulnerabilities thanks to lack of visibility, proper controls, and security. And, with the vast amount of security breaches happening today thanks to vulnerabilities in open source components, like example Heartbleed, Shellshock, and Poodle, organizations are increasing that specialize in making the software they build safer.
Addressing the constantly changing landscape of open source security threats can seem a never-ending process. virtualization technologies organizations increasingly address containers to enhance application and agility, vendors are plugging security holes while attempting to expand flexibility for container deployments.
How container security currently works
Container providers’ main focus today is to use encryption to secure the code and software version running in Docker users’ software infrastructure to guard users against malicious backdoors in shared application images and other potential security threats. However, this method covers just one aspect of container security, excluding whether software stacks and application portfolios are free from unknown, exploitable versions of open ASCII text file.
Docker Content Trust only ensures Docker images contain the precise same bits that the developer originally put there, but does alert users of any vulnerabilities already present within the open-source components. In fact, a current study by BanyanOps found that quite 30 percent of images in Docker Hub is highly vulnerable to a spread of security attacks including Heatbleed and Shellshock.
Security Risk 1 – The new threats to old versions
Knowing that the container is freed from vulnerabilities at the time of initial build and deployment may be a necessary but insufficient requirement. New vulnerabilities which will easily impact older versions of open source components are being constantly discovered. An informed open source technology that gives selection and vigilance to users is important to avoid this.
Security Risk 2 – Data sensitivity and container location
The security risk posed by a container also depends on the sensitivity of the info that’s being accessed by it, also because of the location during which the container is deployed.
The security risk posed by a container also depends on the sensitivity of the info that’s being accessed by it
Whether the container is deployed on the interior network behind a firewall or whether it’s internet-facing will affect the extent of security risk. information technology schools Containers deployed on an indoor network behind a firewall, for instance, won’t be exposed to a publicly available attack.
For this reason, it's critical to remember where your open source software is found, whether the code exhibits security vulnerabilities, and whether a pointy open source profile exists. In other words, having visibility of the code inside containers is critical to container security.
Will this slower down container adoption?
Analysts hold diverse opinions on whether concerns over security will hamper container adoption.
Business necessity is probably going to stop container adoption from slowing down, as containers have proven to supply many benefits to businesses. These include improved scalability, fewer errors, faster time to plug, and simplified application management.
Dave Bartoletti, the principal analyst at Forrester Research, believes security concerns won’t significantly slow container adoption: “With virtualization, people deployed anyway, even when security and compliance hadn’t trapped yet, and that I think we’ll see tons of an equivalent with Docker,”
Meanwhile, Adrian Sanabria, a senior security analyst at 451 Research, believes enterprises will give containers a good berth until security standards are identified and established. “The reality is that security remains a barrier today, and a few companies won’t go near containers until there are certain standards in place”, he explains.
Whatever the case, what's clear is that security remains a priority as application container deployment ramps up. The presence of vulnerabilities altogether sorts of software is inevitable, and open source is not any exception. As security and other gaps within the container ecosystem are filled, organizations are best served to require advantage of the automated tools available to realize control over all their software infrastructure elements, including containers. Taking the lead in fixing a robust application security strategy is imperative to all or any business and one that they ought to proactively be seeking to deploy.
An Introduction to Continuum
Every now and again we wish to offer you, our loyal readers, the lowdown on the businesses that have caught our eye. I sat down with Paul Balkwell, European Sales Director at Continuum to talk about what he has been up to recently at Continuum’s European Headquarters within the Thames Valley. Paul has an abundance of experience within the tech industries, 23 years to be exact.
Paul has built successful growth strategies for SaaS and IT Managed Services organizations, including the setup and delivery of a multi-million-pound recurring revenue IT Managed Services business that, after 12 successful years, was acquired by the number one UK telecoms provider. before joining Continuum, he was Head of Managed IT Services at IP Integration within the UK. Paul also served as a New Business Sales Manager at Business Relations International for several years and was elected to CompTIA’s UK Channel Community council in 2015. Suffice to mention, he's quite qualified to be one of our featured experts!
Paul Balkwell, European Sales Manager, Continuum Managed Services
Paul, are you able to tell me a touch about Continuum?
PB: Continuum is a 24/7 channel only white-label Remote Monitoring and Management (RMM) organization.
Unlike tons of the RMM providers who are software-only, we are unique, as we've approximately 650 engineers which will resolve up to 90% of all issues also as perform all routine maintenance and patching on a “pay-as-you-grow” model. We don’t tie our partners into lengthy contacts, just a monthly rolling agreement. Basically, we deduct all the “daily grunt work” to release internal resources to consider other revenue making activities.
So what does that mean for your clients?
PB: With most RMM providers that are software only, you would possibly are available the morning to a few hundred alerts that your engineers need to run through. With Continuum, you would possibly have 8 resolved tickets detailing what the difficulty was and what steps we took to repair it. Our partners even have the power to pass issues to our engineering teams offering a real extension to their internal support teams.
Now for the one we always ask, what does one consider the Cloud Industry at present?
PB: It’s an exciting and growing market though I still think we are during a hybrid world where both business and residential users have a mix of onsite and cloud services.
What would you say are Continuum’s main strengths?
PB: Being channel only and mixing our Remote Monitoring and Management software platform with our Network Operation Centre, populated with 650 engineers, makes us an excellent vehicle for Technology Managed Services Providers to scale and grow reoccurring revenues on a pay-as-you-grow model.
What does one think sets you apart within the competitive cloud marketplace?
PB: the very fact that we aren't just a “Software as a Service” offering, we provide a pay-as-you-grow “Service as a Service” model giving our partners the liberty to feature, change and modify their offerings without the burden of being tied into a long-term contract. This differentiates us and ensures our clients are becoming the extent of service they require.
Can you describe Continuum’s ideal client for me?
PB: We wish to consider our clients as partners to Continuum’s offerings, really they're any organization offering Technology Managed Services, from SME to Enterprise including; IT Managed Services, Break Fix, Telecoms, Office Equipment, and Data centres providers that are looking to grow their business more efficiently.
Our partners manage clients in many various aspects of the business starting from the very small to the enterprise level of organizations. We enjoy having a broad spectrum of business sizes to figure with, it keeps things fresh!
Where you see Continuum heading within the future?
PB: within the future, we’re looking to continue our European growth and to continue offering additional services and revenue streams to our partners including, better of breed IBM Softlayer, which we’re really excited about, and Managed Backup & Disaster Recovery Service (which is approaching Jan 16!).information technology degree Plus Network Monitoring and determination Service including, Firewalls, routers, and switches. Continuum has an exciting and has packed future ahead!
Want to read more? inspect a number of Paul’s featured articles on Compare the Cloud by clicking the pictures below!