Want to keep your application secure? Automated deployment is a prerequisite.
It’s been said in many ways before, but I’m going to restate a security principle as “Experian’s Law”. Experian’s Law states: if you can’t push changes quickly and confidently, your software will become vulnerable. This law is, of course, to commemorate one of the worst security breaches in history, wherein hackers made off with the personal details of just about everyone in the western world.
The hack was based on a known vulnerability in unpatched software. Almost all security breaches happen from known attack vectors. Oftentimes companies will actually blame third-party dependencies for their security woes even though they had months, or often even years, to patch. The truth is, it’s their responsibility to get security updates deployed.
If you can’t push changes confidently, securely, and quickly, your software will become vulnerable. While containers aren’t magic, they do bring a lot of the infrastructure changes into the application release flow. Underlying OS dependencies are part of the container.
A tool like Codefresh, which is built specifically for working with containers destined for production, can manage changes to both application code and the container dependencies that go with it. This is because Codefresh treats containers as first-class citizens.
Validating Application and Infrastructure Changes at the same time
One of the advantages of running containers in production is that you don’t deploy code or updates anymore, you deploy images that contain everything the service needs to run. This includes everything from the kernel, external libraries, and up into the application code itself.
Traditionally, changes to the underlying OS are considered part of infrastructure and updates are managed through a separate process.
In the case of Experian’s hack, they needed to update Apache Struts, normally considered part of the infrastructure side.
This is where Docker + Codefresh shines. The container defines the OS requirements for the application, and release teams can use Codefresh to build, test, and deploy both application changes and changes to the underlying container.
What it takes to automate the update process
The operations and software development teams need a place to come together on the requirements for deployment. Unit, integration, security, performance, and even licensing checks might be part of the process. Once you have this agreement in place you can use tools like Codefresh to document and enforce those requirements as part of an automated pipeline.
Containers and automation are not magic pixie dust
Does having an automated pipeline in place mean teams are off the hook and don’t ever have to worry about security again? Of course not! Having automation is an essential part of a good security plan, but it’s not the whole thing. Of course, once you have automation in place, you can also speed up the development process. If that sounds good to you, it’s probably time to check out Codefresh!