StackRox Container Security Report Uncovers Concerns from Enterprise IT Teams
Container and Kubernetes security provider StackRox released its inaugural report, The State of Container Security. The report surveyed over 230 IT professionals to gain their perspectives on container security and to understand how container and Kubernetes adoption trends relate to security concerns. Containers continue to grow in popularity, but we’ve seen new threats as a result, many of which prove difficult to manage.
The research set out to uncover how prepared organizations felt to handle security, how the environments running containers affected security, and who bore the greatest responsibility for container security. It found that most organizations don’t feel prepared to secure cloud-native applications. Of note:
- More than a third of organizations with concerns about their container strategy worry that their strategies don’t adequately address container security
- More than one-third of respondents haven’t started or are just creating their security strategy plans
44% of respondents indicated that security in the runtime phase was a noteworthy fear. But, more notably, 54% were concerned about risks driven by misconfigurations and accidental exposures. Misconfigurations have caused many recent high-profile attacks and exposures on Kubernetes deployments. Earlier this year, Tesla suffered a cryptojacking attack due to a lack of basic security configuration.
Considering the prevalence of DevOps and its variants, containers won’t go away anytime soon. DevOps fails at security in a lot of ways, and those ways overlap with containers. Containers give DevOps teams the perfect opportunity to reevaluate security strategies and protocols. By adding containers and microservices, organizations gain options in their infrastructure to bridge the gap between development and security teams.
These survey findings point to the security elements needed to meet enterprise objectives. A container security platform should:
- Address concerns about misconfigurations.
- Ensure runtime security is a primary focus.
- Provide portability across environments.
- Be oriented to DevOps workflows and processes.