'Cloud Containers' May Be a Digital Package Banks Can Accept

Banks have generally rained on the parade of cloud computing, but even they may embrace a new way of packaging software called "cloud containers."

All the major cloud providers, including Google, IBM, Red Hat, Microsoft, and Amazon Web Services, have announced pushes involving the technology in recent months.

"Everyone is going container crazy," Henry Baltazar, a storage analyst for Forrester Research, said at a recent conference on cloud and mobile technologies.

A cloud container is a kind of virtual operating system that lets developers place an application in a digital package that easily moves from one cloud-computing environment to another. It makes it easier to develop apps for different operating systems.

What does this mean for bank IT departments? Banks for the most part have been cautious about adopting cloud computing. But many — 46% — do use the cloud for application development and testing, according to a recent Cloud Security Alliance study. Using a cloud container, a team of developers could create an application that could be hosted by one provider and later moved to another, or could be moved within a private cloud.

Few banks have gone public with their use of cloud containers. ING Group has said it uses Docker to update 1,400 different applications a day; Goldman Sachs uses Docker to build and deploy the software it runs internally. Docker is the name of a company and an open-source environment that has become synonymous with this technology, like Kleenex and facial tissues.

Adrien Blind, a development-operations coach at Societe Generale, told attendees at a recent Docker conference that cloud containers simplify bank IT departments' work, letting the application-development teams focus on a container's content without having to worry about which system it has to run on.

Don Sheppard, a former bank technologist who is now senior consultant at ConCon Management Services, envisions three primary uses of containers in banks.

One is in an internal private cloud. "A first pass is anything that the bank might consider suited to hosting in a cloud environment," Sheppard said.

Second, containers could be used for any app where moving an application from one cloud to another is needed.

Third, they can be used for apps that could incorporate reusable components.

"Banks would certainly be interested in the portability and interoperability" promised by cloud containers, Sheppard said.

Small services and components are a good fit for containers, he said, which would suggest they are better suited to new software projects than existing apps, especially large ones. "They may be best suited for new developments that would be cloud-based from day one," he said.

But Sheppard said it is too soon for a bank to use a container like Docker for anything that is critical to its business.

"Although things are moving rapidly, I suspect there are very few production apps in place yet, and even fewer experts to support the software," he said. "I would say the time is right to get some bank development architects and experts trained on it, to get it into the lab if the bank has one, and possibly to begin getting ready by ensuring the underlying cloud service providers are committed to offering container services. If the bank does not have one, now is the time for a cloud policy and strategies."

Though the term "container" sounds like the technology would provide a measure of security protecting the application, it does not, observers said.

"Security concerns are not a reason to choose containers," said Joerg Fritsch, research director of security and risk management strategies at the consulting firm Gartner. "The deployment process and application architecture will decide whether containers are the right place to put your software."

Security is built around containers and not into them, he said. "To date, container security consists of so many options and there are no best-practice templates or cookbooks that would lead to, for example, PCI [data-security] compliance," he said. "This does not mean that it is impossible to use containers as a viable alternative to virtual machines, but unexplored fields constitute a larger technology risk for the pioneers."

Fritsch notes that some vendors have recognized the uncertainty around the security of containers and are trying to load customers with security add-ons "and state that, 'This is the way to do secure containers.'"

Sheppard agrees.

"I suspect that the security aspects have not yet been thoroughly tried out, given how young the products are," he said.

For reprint and licensing requests for this article, click here.
Bank technology Cloud computing PCI
MORE FROM AMERICAN BANKER