Industry executives and experts share their predictions for 2019. Read them in this 11th annual VMblog.com series exclusive.
Contributed by Fei Huang, CEO, NeuVector
Container Solutions Consolidate, Security Shifts Left (Then Right), and Cloud 2.0 Arrives
Before I share my thoughts about 2019, here's a quick review of last
year's predictions. First, I predicted
that enterprises would migrate to containers in production - first at the edge,
and cautiously. This has, in fact, happened in 2018! Container production
deployments have more than doubled, driven by the maturity of container platforms
like Kubernetes, OpenShift, Docker EE, etc. We're seeing customers growing
their Kubernetes production deployments to encompass thousands of
virtual/physical servers.
I also forecast that automated CI/CD pipelines will continue to
require many manual steps.
Advances in this area have actually been quite rapid, as we see
companies with full DevSecOps and DevOpsSec automation. Yes, they do a lot of
customization and scripting to connect all the tools together, but it really
works as expected.
I believed that serverless computing would remain just hype
throughout 2018, and largely impractical for the enterprise. While we might
start seeing serverless computing in production in some specific use cases, I
believe it's generally still a bit further away - and Gartner
agrees.
I predicted that hackers would continue to run free, terrorizing
enterprises and consumers. Data breaches are indeed heating up again and
new attacks are coming to the container world. Cathay Pacific Airways recently
suffered the biggest ever airline data breach when migrating to cloud and
container solutions. Docker Hub had to remove malicious containers from its
public repository. Cryptomining containers were found in
Tesla's public cloud. The security risks of container infrastructure are now well recognized,
thanks to these lessons learned.
I surmised that Kubernetes would reign supreme, dominating all
orchestration tools. This has certainly come true already. Almost all
container platforms have selected Kubernetes for their container management
system, including Docker, Rancher, Pivotal, Mesos, Amazon, Azure, IBM, Alibaba
Cloud, Oracle, etc. This standardization has been a benefit to upper layer
solutions, such as security and storage. Customers are also convinced they can
safely go into production, with far fewer worries about vendor lock-in.
Finally, I predicted that the first multi-cloud container
deployments would go into production this year. It is certainly the case
that companies are using different clouds together, or hybrid cloud
infrastructures. Containerization has spurred this forward, while offering
enterprises a simpler and superior path in their cloud migrations.
Looking forward to what will be an interesting year ahead, I
predict that these four things will (probably) happen in 2019:
1. Container solutions will begin to consolidate.
IBM's acquisition of Red Hat is an indication that
containers and Kubernetes will play a critical role in enterprise workload
management going forward. IBM made a big bet for the future. This should
accelerate the speed at which containerization matures - meaning that hundreds
or thousands of large enterprises will have a solid path to migrate to cloud
services either in private, public or hybrid clouds. Customers' applications
and data will continue to be essential, while infrastructure will be based, to
a greater degree, on interchangeable platform services. This will also
trigger more consolidation and integration of solutions around the
ecosystem, such as container security solutions, virtual network solutions,
and virtual storage solutions.
2. Security will go deep with service mesh.
As new attack vectors arise, additional layers of virtualization
are bypassing traditional security methods - especially in the areas of network and
host security. Hackers are leveraging new technologies such as Kubernetes and
container APIs, and security solutions need to react instantly
and feature automated intelligence. The addition of security mesh within
service mesh will provide strong inline protection, with advantageous
knowledge of application context.
3. Security will shift left, and then right.
With more and more containers deployed in production, a greater
number of enterprises are realizing that all the scanning and host security
precautions still leave them vulnerable and blind to zero-day attacks. Whereas
in the past, security measures may have been added to container environments
late in the development process (and only as an afterthought), security is now
"shifting left" to more effectively implement measures from the start of
development. At the same time, enterprises are now utilizing container
environments in production, necessitating a "shift right" as well. For example,
at NeuVector we've designed our Kubernetes security platform to secure container
environments throughout the full build-ship-run lifecycle, in recognition of
this need.
4. Cloud 2.0 is coming.
Combined with new technologies like containerization,
serverless computing, service mesh, security mesh, hyperscale and cross
cluster management, etc., I think Cloud 2.0 is coming our way. Future cloud
infrastructure need not be limited to being VM-centric; instead, it
will become more and more service and data-driven. Kubernetes offers
a strong opportunity to make this shift a reality. The goal is for all cloud
functions and features to be enabled to serve business needs directly and
instantly, whether it's security, storage, networking, etc.
About the Author
Fei Huang is CEO at NeuVector, a Kubernetes security company that uses
behavioral learning and firewall technology to secure containers during
run-time. Fei has more than 20 years of experience in enterprise security,
virtualization, cloud and embedded software. He was part of the founding team
of Cloudvolumes (acquired by VMware) and cofounder of Provilla, a DLP security
company (acquired by TrendMicro). Fei holds several patents in security,
virtualization and software architecture.