KubeCon + CloudNativeCon North America 2025, Atlanta: As more companies use containers to build and run their critical business applications, the secure container marketplace has been exploding in importance for enterprises. And even more notable – the importance and expanding revenue opportunities for secure containers are also spreading in the channel as MSPs, VARs, system integrators, and other partners begin to dip their toes into this market.
At the recent
KubeCon + CloudNativeCon North America 2025 conference, a growing group of secure container vendors brought their wares to busy booths on the show floor, sharing how they can help businesses – and channel partners – build leaner containers for cloud applications by removing superfluous code and offering security-hardened container images.
Container security vendors at KubeCon 2025 2025 included
Edera, Minimus,
ActiveState,
BellSoft,
Chainguard,
Red Hat’s UBI Micro project, and chiseled containers from Canonical.
And as more businesses move to cloud-native development and open source components to build applications, the importance of this nascent market for channel partners becomes clearer,
Jim Mercer, an analyst and program vice president for software development, DevOps, and DevSecOps with IDC, told ChannelE2E.
For MSPs and other channel partners, this responsibility is huge as they help and guide their customers with open source, Kubernetes, and containers, he said.
“The problem is that open source and [any] vulnerable components need to be addressed regardless of the size of the organization,” said Mercer. “However, MSPs are not just protecting their own businesses; they are protecting all of their customers' businesses. While a standard enterprise focuses on protecting its own infrastructure, an MSP focuses on protecting hundreds of client infrastructures simultaneously.”
That means that when an MSP inadvertently uses a vulnerable open-source component or insecure container images, it can become a force multiplier for attackers because the MSP presents a one-to-many attack surface, he explained.
“For a small business that is an MSP customer, a serious security breach could put it out of business,” said Mercer.
This is why it is important for MSPs and other channel partners to build their skills and services in this segment around open source, Kubernetes, container security, and more, he said.
“Like any business in today's world, it can help ensure the resilience and survival of their business,” said Mercer. “So, as these organizations move toward cloud-native development, the traditional IT perimeter has dissolved. The new perimeter is the code itself and the containers that carry it.”
Open Source Growth for the Channel
Mark McDaniel, the vice president of partnerships for
Minimus, a company offering secure, minimal containers that are stripped of superfluous code to prevent such vulnerabilities, told ChannelE2E that he is also seeing this growing reseller market in the world of open source, containers, and Kubernetes.
McDaniel, who has been working in the channel for the past 20 years, primarily in the Security Information and Event Management (SIEM) segment, said his channel experience is one of the reasons that Minimus hired him four months ago.
“So, this is kind of a new space for me, but I am seeing a lot of the same traction from traditional VARs and security companies,” he said. “We are hearing from some customers who are already using containers, and now they are looking for ways that they can do it more securely. They are looking for the ability to get more ahead of the game, as opposed to in the past, where it was all about remediation" after security vulnerabilities appeared.
Companies like Minimus come in to help customers with vulnerability-free, CVE-free (Common Vulnerabilities and Exposures) container images, as well as with ongoing maintenance and services, said McDaniel. “That is where companies really struggle. I mean, in our industry, resources and people have always been a challenge. If you have a solution that can take that burden off of them, there is a lot of value there.”
Minimus cleans and hardens its container images and licenses them to customers for purchase as needed, he said. “You can either pull from our registry or have them in your own or even an air-gapped registry, if that is important to you. And then you can have as many people access that and have as many pulls as you need.”
The customers using these images today are SMBs from small mom-and-pop shops to mid-sized and larger enterprises, said McDaniel. “You would be surprised,” he said. “They come from all different segments. A lot of what we see are channel partners who are looking to do business in the federal space, around FedRAMP.”
For MSPs, this market is “a tremendous opportunity,” said McDaniel. “The problem, especially on the security side, is that a lot of channel partners do not think about this component of security because it seems like it is on the developers’ side and they do not sell to developers.”
How Hardened Runtimes Fit Into the Mix
One of the container security vendors at KubeCon 2025, Edera, actually builds and sells hardened runtimes for containers rather than completed hardened containers. But Edera partners with hardened container vendors like Minimus, Chainguard, and Echo to offer their critical hardened runtime components, said Emily Long, the founder and CEO of Edera.
“They secure the base image as step one, while Edera provides the hardened runtime environment those images run in, which is the critical last line of defense,” said Long. “Here is why both matter – developers typically build on top of base images, introducing new vulnerabilities and dependencies, including sometimes even end-of-life software, to make their applications work. That is where hardened runtime becomes essential. We isolate containers at the kernel level, creating a true security boundary that prevents attackers from exfiltrating data or moving laterally, even if they exploit a vulnerability. The best supply chain security uses both hardened images and hardened runtime.”
Edera is formally working with select channel partners today, including
Carahsoft, a government IT solutions provider, and IT services consulting firm
Trace3, to get its products into the hands of SMBs, said Long. “Given our stage and sales motion, we are being strategic about partnership development. As we scale, expanding our channel partner ecosystem is a key priority. Partners extend your reach and credibility faster than you could build it alone, turning their established relationships and expertise into your competitive advantage while often being the first to pinpoint new critical challenges their customers face. We see significant opportunities to help partners deliver modern infrastructure security to their customers.”
There is a broad need for secure containers today, said Long.
“Most production applications deployed today are via containers, which share their kernel – and fate – with all other containers in the cluster, including the most vulnerable ones,” she said. “The only thing mitigating a cluster compromise is luck and lots of kernel hardening.”
With the fast growth of AI, this is even more important in today’s IT landscape, said Long.
“The AI era is being built on container infrastructure right now,” she said. “We have a chance to avoid repeating the mistakes we made with cloud native – overly complex architectures, weak security foundations, and reactive instead of proactive protection. As organizations race to deploy AI workloads, they need secure, flexible, resilient foundations. That is what separates sustainable AI infrastructure from the chaos we have seen develop in the cloud.”
