What is Persistent Storage (and How Can it Keep Your Containers Secure)?

Containerization is now an everyday part of the software development process. This enables professionals to quickly and easily package up their code and its dependencies to ensure that no matter what infrastructure it's deployed on, it can run consistently and smoothly.

This can solve many of the headaches associated with developing software solutions at scale across multiple environments. As well as allowing applications to run anywhere, at any time, it's less resource-intensive than alternatives such as full virtualization, offers improved productivity and consistency, and is more secure, as containers are fully isolated from other parts of the network.

Security in particular is an increasingly pressing concern for many enterprises, especially in an environment where threats are growing all the time and the cost of a data breach can be high. It's vital that sensitive data is protected at all times, so storage needs to be a top consideration.

Therefore, it's important for IT pros to consider the use of persistent storage solutions when working with their containers, and understand what impact this will have on their security landscape.

What is persistent storage?

Persistent storage is any storage medium that retains its data once the power source to it is switched off, and can be contrasted with non-persistent, or volatile solutions such as RAM and cache systems.

This can be anything from a hard drive to a solid-state USB stick or physical media like a CD or backup tape drive. You may also see it referred to as non-volatile storage.

When working with containers, persistent storage usually refers to storage volumes that are normally associated with applications like databases, which you can access even if the application isn’t in use.

Using persistent storage with containers

Persistent storage delivers a range of advantages when used as part of a containerization strategy. In the early days of this technology, there was no option to deploy persistent data storage media within containers, which meant that when the app finished its work and the container was destroyed, the data created within a containerized app would disappear.

However, newer developments have overcome this hurdle, so developers are now able to retain this data in familiar storage solutions. This greatly changes what can be achieved using containerization and makes it easier to retain what would otherwise be ephemeral data.

There are two ways of adding persistent storage to containers: bind mounts and named volumes.

Bind mounts

Bind mounts enable a container to share a directory with the host by creating a mapping between the container's file space and the local system. This is especially useful if you want to store files on the local machine that will be available if you restart a container, or if you need to share data between containers.

Named volumes

The other method, named volumes, takes a similar approach, but the paths are mapped to a specific path, either on the local machine or elsewhere. This means any container with access to the named volume's location mapping can reference it, allowing them to support ephemeral container operations as containers redeploy on different physical resources.

Persistent memory storage allows developers to save important data from a session for reuse or analysis later. It also improves the portability of containers by making it possible to migrate an application across multiple environments and move data between clouds.

The security benefits of persistent storage

Containers already offer an inherent level of security when in use, as they’re isolated from other parts of a network and operate independently, which in theory can prevent any malicious code from entering the environment. However, application layers are often shared across containers in order to improve resource efficiency, but this can also open the door to interference and security breaches.

Normally, one advantage of the volatile storage traditionally used in containers is its ephemeral nature. The fact it disappears when power is lost makes it less of a security risk. However, when moving away from this solution to persistent media, extra considerations must be taken.

When it comes to protecting data used within containers, persistent storage offers a number of security advantages. It meets security requirements in areas such as volume-level encryption, self-encrypting disks and key management, which the majority of enterprises will rate as essential for the protection of sensitive data and to meet vital privacy and compliance requirements.

In addition to this, persistent storage is simple to use, highly flexible and improves the productivity of operations. Therefore, it should be a solution you consider the next time you're working with containers as part of the software development process.