Misconfiguration and runtime security are top container worries
Container and Kubernetes security company StackRox has released a new report looking to understand how adoption of these technologies affects security concerns.
The State of Container Security report finds that more than a third of organizations worry that their strategies don't adequately address container security.
In addition 15 percent believe their strategies don't take seriously enough the threat to containers and Kubernetes deployments, and more than a third of respondents haven’t started or are just creating their security strategy plan.
The main concern, cited by 54 percent of respondents, is risks driven by misconfigurations and accidental exposures. Also 44 percent, indicate that shifting to runtime from build and deploy is the phase they are most concerned about from a security perspective.
There are concerns surrounding infrastructure too with 70 of respondents running some containers on premise and 32 percent running only on premise. About 40 percent of respondents are running containers in hybrid environments, both on premise and in the cloud, and just under 30 percent of respondents are running them only in the cloud.
When asked who in the organization should take lead running container security, DevOps and DevSecOps are the top responses.
"The influence of DevOps and the fast uptake in containerization and Kubernetes have made application development more seamless, efficient and powerful than ever. Yet, our survey results show that security remains a significant challenge in enterprises’ container strategies," says Kamal Shah, StackRox's CEO. "Containers provide a natural bridge for collaboration between DevOps and security teams but they also introduce unique risks that, if left unchecked, can create real risks for the enterprise."
The full report is available to download from the StackRox website.