Companies are under tremendous pressure to reduce IT costs. Cloud and Software as a Service (SaaS) offer significant potential cost reductions through the use of shared infrastructure and standardized software offerings. However, there are often significant concerns if the service or application stores or processes Personally Identifiable Information, important intellectual property, other sensitive information, the criticality of the system, or whether the solution opens avenues into a company’s core systems.

A new application of the technology software “containers” offers a potential approach that may reduce many of the risks in current SaaS offerings, while allowing for more security and control. Containers as a Service (CaaS), primarily using software from the open source Docker Project, allows for software to be embedded in a container and delivered to a party, without regard to the recipient’s particular infrastructure. This would allow the purchaser of the software to choose between different models of software operation, from full hosted cloud, to on-premises behind a firewall.

As more software is developed using the Docker framework, there are expected to be increased choices for software deployment within and outside an organization. This will require software providers to develop new pricing models that better reflect the resources necessary to support a customer, and customers to understand the shifting risk issues that result from licensing and running software in a new manner. New licenses need to be developed, and the license compliance implications of adding existing software to containers must also be addressed. Using Docker security and trust services would provide an extra layer of protection, as would requiring SDLC controls and a SOC2 report as minimal requirements.

[View source.]