Containers are now go-to tools for application development in multicloud environments. But container management and security can’t get short shrift.
On the complex journey to a multicloud environment, companies often turn to containers to streamline the process.
It’s an understandable choice. Containers can bring flexibility to application development and provide ready-made, self-contained environments regardless of which cloud environment they work in.
Containers package software code and all associated dependencies into a single self-contained unit so an application can run, even as it shifts computing environments. Because they are lightweight, portable and agile, containers are suited for use between different environments, such as multicloud—using multiple public cloud providers—and, often, on-premises environments.
A 451 Research study predicted the container market will be worth $2.1 billion in 2019, and that number will more than double to $4.3 billion in 2022. All told, 38% of the companies surveyed either use containers today or have them in discovery or proof of concept. Another 10% plan to implement them within two years.
Enterprise Strategy Group predicts that containers will account for one-third of development in companies employing multicloud or those using multiple public cloud environments by 2020.
Gone are the days when a team of software developers worked on millions of lines of code to build a monolithic app from start to finish. Using containers and other microservices, development teams can work simultaneously across multiple environments on small, reusable bits of code that can be swiftly created, tested and then brought together as an application across clouds and on-premises, as needed.
Containers can bring on-premises infrastructure and public clouds closer, extending development efforts across multiple clouds seamlessly.
There’s little question it’s a multicloud world today. A 2018 Forrester Research report found 66% of companies surveyed worked with between four and 10 or more cloud providers.
In a statement about the 451 Research’s container research, principal analyst Jay Lyman said, “The promise of container technologies to increase developer speed, efficiency and portability across hybrid infrastructures, as well as microservices, are all driving growth.”
But that’s not as simple as it sounds; multicloud environments increase complexity. Exploiting containers involves a learning curve for solid setup, management and orchestration, and security best practices. Using and configuring multiple tools can be complex and cumbersome. As containers enable development teams to use them to directly deploy applications, who looks after that virtual infrastructure?
So while the convergence of containers and multicloud architectures may well be inevitable, here are some areas to consider along the way.
It’s important to start by acknowledging the complexity that multicloud can bring to an organization. That has to happen before even considering the role containers should play, said Deloitte Consulting’s chief cloud strategy officer David Linthicum. He advises IT teams to look at the bigger picture. “With multicloud so systemic, it’s making their architecture quite complex,” he said. In his experience, large companies can manage a maximum of 2,500 endpoints in a multicloud environment, and past that, disaster—and chaos—can strike. To maximize the use of containers, the first step in the process is to document the extent of the sprawl and make sure the systems and people are in place to support it all.
Another aspect to consider is how containers can integrate with existing applications and infrastructure, rather than being a silo that supports specific use cases.
The next step is to take an unsentimental look at the resources required for container adoption to be a success. According to 451 Research, there are many tools for container management and orchestration, monitoring, DevOps, security, networking and storage. But, as Linthicum said flatly, “there’s a myth out there that containers are easy.” Containers take 30% to 40% more work to set up, he said, which translates to higher costs. “It takes more time and thought to plan them out and get them in the right state to put into production.”
Linthicum’s advice is to consider the context and the budget. “Containers are doable enough if there is enough money and enough time,” he said. “But most companies underestimate the heck out of what is required.”
Most companies also underestimate the complexity involved with running containers in a multicloud environment because tools like Kubernetes make it seem so easy. Kubernetes offers container management from cloud to cloud but doesn’t promise consistency.
“Containers are not the complete answer to solving multicloud,” said Gary Chen, research manager for software-defined compute at IDC. “They’re definitely a good thing that makes things easier, but by themselves they’re not the magic bullet.”
The issue is that while the containers themselves are portable, the apps running in them could be attached to data or services that are specific to an individual cloud or location. Moving them could break that chain, potentially causing performance issues, Chen said.
Containers also require a step back when it comes to thinking about security and networking. That they can be created, used and then switched off again so swiftly has its own implications with regard to how, who and when is accessing them. A governance model with container-specific networking and security capabilities is of paramount importance to confidently manage the lifecycle of those applications with complete visibility.
If companies spend time up front on security and governance, container security can be managed, Linthicum said. “Security and governance are always an afterthought,” he said. “But you have to design security into these apps; you can’t layer it in on top.”
One potential bright spot is the rise of cloud workload security tools, which, according to a Forrester research report from late 2018, must work with everything, including containers, and support a multicloud environment.
The bottom line for containers: More and more organizations are not only testing the waters but planning to or already using containers in production; however, they should be part of a holistic multicloud strategy. In turn, these efforts may require staff training and new processes.
Valerie Silverthorne is a veteran journalist who works as an independent writer and editor specializing in technology.