[ad_1]

Containers have taken the world of software development by storm in recent years. The concept itself goes back much farther, but the rise of Docker sparked an explosion that has resulted in a diverse market of container technologies and container management solutions. Organizations are scrambling to jump on the containers bandwagon, but a recent survey highlights significant concerns with container security.

StackRox conducted a survey of more than 230 IT professionals to understand the issues organizations perceive for securing and protecting containers. Nearly half of the respondents identified cybersecurity as a primary role within IT. Almost half of the respondents represent companies with more than 10,000 employees as well. The results shed light on some crucial issues organizations need to resolve.

State of Container Security

Survey participants were asked if they had any concerns about their overall container strategy. Understandably, most do. Half of the responses about what the biggest concern is were things like it’s too slow, or it’s too far-fetched, or it’s not detailed enough. 50 percent of the respondents with concerns about their container strategy, however, cited security as the primary issue. More than a third (35 percent) are concerned that the strategy doesn’t sufficiently invest in container security and another 15 percent are worried that the strategy does not take the threat to containers seriously.

Less than 30 percent of those surveyed feel they have even an intermediate container security strategy. In and of itself, that is a shockingly small number. About a third (34 percent) claim to have “basic” container security. However, 22 percent report that they are in the planning stage and 15 percent simply said they have no container security strategy whatsoever.

Container Security Concerns

When it comes to specific issues or concerns with container security, misconfigurations or accidental exposure dominate. When asked whether they are most concerned with attacks, misconfigurations / exposure, or vulnerabilities in their containers, 54 percent selected misconfigurations / exposure. Vulnerabilities came in second with 29 percent, followed by attacks with just 17 percent.

There is a bit of a disconnect between which risk survey participants are concerned with, and which stage of the container lifecycle they’re most concerned about. Although misconfiguration errors would occur during the Build stage, nearly half (44 percent) of the survey respondents indicated that Runtime is the lifecycle phase that worries them the most. The Deployment phase claimed 30 percent, and Build, ironically, garnered a meager 26 percent.

Mark Bouchard, co-founder and COO of CyberEdge Group, provides some additional insight and commentary in the report. “Human error has been responsible for creating the majority of security risks in every wave of infrastructure changes, and it’s no different with containers and Kubernetes. It’s crucial that the security tooling for this infrastructure automatically flags the most well-known misconfigurations across the full ecosystem.”

Visibility and Context are Key

There are obviously some disparities that organizations need to address. The overall container security strategy should match the level of concern, and the focus should be on lifecycle stages and threats that pose the greatest risk. Visibility and context are both crucial elements of container security strategy, because you can’t secure and protect what you can’t see, and you can’t effectively prioritize mitigation or remediation efforts without understanding the risk your containers actually face.

To dig into the full report and examine some of the details more closely, download The State of Container Security 2018 Report for yourself from StackRox.

Let’s block ads! (Why?)

[ad_2]

Source link

Load More By admin
Load More In Security

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

IPhone owners can sue Apple for monopolizing App Store, Supreme Court rules – CNN

[ad_1] Justice Brett Kavanaugh, in the majority opinion, said that when “retailers e…