
Netflix could pwn 2020s IT security – they need only reach out and take

Workload isolation is niche, but they're rather good at it

The container is doomed, killed by serverless. Containers are killing Virtual Machines (VM). Nobody uses bare metal servers. Oh, and tape is dead. These, and other clichés, are available for a limited time, printed on a coffee mug of your choice alongside a complimentary moon-on-a-stick for $24.99.

Snark aside, what does the future of containers really look like?

Recently, Red Hat's CEO casually mentioned that containers still don't power most of the workloads run by enterprises. Some people have seized on this data point to proclaim the death of the container. Some champion the "death" of containers because they believe serverless is the future. Some believe in the immutable glory of virtual machines and wish the end of this upstart workload encapsulation mechanism.

Please allow me a moment to get a broom so I can shove the lot of them into the ball pit so the adults can have a talk.

Containerize this

Containers are both dead and not dead. Containers are the future of workload packaging, and they'll be with us for decades. This does not, however, mean that Docker will grow to be a tech titan to rival VMware, or that Red Hat's borging of CoreOS means it's now a superpower in waiting.

Containers exist for two reasons: the first is that application developers are lazy, and they let their applications sprawl all over the place in their host Operating System Environment (OSE). The second reason is that the modern OSE is largely designed more for backwards compatibility than security, and we need containers to keep these apps from infringing on one another.

Everyone who runs an application should be running that application in a container. The only possible reasons not to do so are that you don't understand how, or you haven't quite gotten to that application yet, given the number ahead of it in the queue to be containerized.

It doesn't matter if the application lives on an OSE that lives inside a VM, or if it has a box all to itself. Despite the initial hype about using containers for workload consolidation, containers aren't about packing more workloads on a given system.

A container is about security, ease of use, and ease of administration. Virtual machines are the interior walls of a building that let multiple groups of applications do their own thing separate from other groups of applications. They serve different purposes.

The future is containers and virtualization, not containers or virtualization.

Serverless versus containers

Serverless, meanwhile, is also no big threat to containers. It is a stupid name for the technology in question, which is really something between a batch script and a TSR that you run on a cloud.

One uses serverless to lash together a bunch of small apps and online services, passing data from A on through to n until complete. This doesn't do the same thing as containers. Once more, it's an "and", not an "or".

That niche thing

Nobody is going to build an empire on containers, because containers are only one part of a more important puzzle piece. The piece in question is "automated workload baselining, instrumentation, isolation and incident response". This in turn is part of the larger "IT security in the 2020s" puzzle.

No one company is going to dominate IT security in the 2020s, but there is an empire to be built on building the very best workload wrapper money can buy. That wrapper will consist of – at a minimum – containers, layer 2 network extensibility and microsegmentation, network functions virtualization, automated monitoring, and workload orchestration.

Right now, VMware has all the components to build this puzzle piece. Unfortunately, they're trapped in whatever hell befell Microsoft in 2005, and by the time they realize that era's System Center isn't a role model, the world will have passed them by.

Red Hat has most of the required components, but it will probably take them at least a decade to integrate all of it into systemd. However, the bit where Red Hat has all the components to this puzzle piece does mean the rest of the world has access to those technologies too. The first entity who cares to assemble them into something usable has a chance at being IT's next tech titan. Unfortunately, the open-source world is downright awful at ease of use, so I don't have much faith in any of the current startups lashing together open-source projects turning into the next Microsoft.

Off the top of my head, however, Amazon, Google, Microsoft and – I believe – Netflix have all the pieces necessary to complete the "automated workload baselining, instrumentation, isolation and incident response" puzzle piece, and all use it internally. Amazon and Microsoft sell at least some part of it in their public clouds. Unfortunately, there's a Hotel California-class bargain that must be made to play with it.

Your workloads can be inserted into the shiny new cloud condom of your choice, but then they can never leave.

Netflix et al

If Netflix's CIO wakes up tomorrow and realizes that his firm is one of a handful of IT-centric companies with the technology and expertise required to absolutely dominate the $250bn+ IT security market of the 2020s, that market is theirs. Unlike all the other companies out there who know how to fling workloads around like pros, they have no cloud turf to defend.

Netflix's tech nerds have been working with containers for some time. They have made some egregious errors. They have failed. They have recovered. They have learned. They have adapted.

Netflix gave the world the Chaos Monkey, and then decided to build a full-scale Simian Army. They understand segmentation and isolation of workloads. They've done the work. They've experienced the errors. They could be the IT security arms dealer of the 21st century; they just have to decide whether or not they care.

But Netflix isn't the only company whose nerds have this level of knowledge. It's safe to say that Facebook probably has this kind of tech internally too. And there are a handful of other enterprises that have taken container, microsegmentation, and orchestration technologies and built the future. Any of them could decide tomorrow that they are confident enough in their tech to take it to market.

Containers aren't going to murder VMware in the study with the pipe. They aren't going to be displaced by serverless before they even take hold. Containers are just one feature among many that will be at the core of the next decade of IT security.

Which vendor(s) will pull it together and dominate that niche is still very much up in the air, but my bet is on one of the companies that have actually had to conquer ease of deployment, ease of use and ease of management in order to keep their own massively scaled solutions operating efficiently. None of the rest seems able to solve the all-important packaging problem.

Predictions in the comments, as always. ®
