More than half of companies that relied on containers to accelerate their software development and deployment has encountered security issues last year, with a majority of them deploying containers without assessing its health, reveals a recent study by Tripwire.
The study, conducted in partnership with Dimensional Research in November 2018, surveyed 311 IT security professionals who manage environments with containers at companies with more than 100 employees.
The survey showed that out of the 269 participants who relied on containers in production, 47% confirmed they deployed containers with vulnerabilities, while 46% admitted they deployed containers without knowing their security aspects. This lack of proper check and awareness has led to more than 60% of the organisation suffering container security-related incidents in 2018, it said.
“It’s concerning, but not surprising, that nearly half of the respondents said they knowingly deploy vulnerable containers. With the increased growth and adoption of containers, organisations are under increasing pressure to speed up their deployment. To keep up with the demand, teams are accepting risks by not securing containers. Based on the findings, the majority of organisations are experiencing container security incidents,” said Tim Erlin, vice president of product management and strategy at Tripwire.
With container adoption rate reaching 80% in 2018, it is estimated that organisations will confront more risk and complexity as they scale up their DevOps in 2019. Confirming this fact, 71% of the responded believed that container security-related incidents will be common in 2019.
The study also pointed out how 94% of the respondent acknowledged their fear regarding container security. Lack of proper knowledge regarding container security within a team, limited visibility into the security status of containers and container images, as well as the inability to assess risk in container images prior to deployment ranked the highest remained their biggest concerns.
Scaling down on DevOps
With security escalating security vulnerabilities, the only options available are for organisations to scale down DevOps deployment. Understanding the security concern revolving around containers, 42% of the respondent said they are reducing container adoption while 82% are security responsibilities because of container adoption. However, 98% were of the opinion that they want additional security capabilities for container environment.
Vulnerability management, regular monitoring and auditing of containers, security testing a validation process are some of the safety controls suggested by Tripwire as a precautionary measure.
Subscribe to our NewsletterGet the latest updates and relevant offers by sharing your email.
Akshaya Asokan works as a Technology Journalist at Analytics India Magazine. She has previously worked with IDG Media and The New Indian Express. When not writing, she can be seen either reading or staring at a flower.