Over 60 percent of DevOps teams would sacrifice container security for speed
A new survey of container security from NeuVector shows that 63 percent of respondents would curtail or restrain security measures in order to maintain faster production.
There's also a lack of consensus on who is responsible for securing container environments with 42 percent saying security teams, 30 percent development, and 28 percent operations. This is despite 32 percent saying security is their organization's single most important priority as they roll out containers and Kubernetes initiatives.
"As container security breaches continue to make headlines, we are pleased that a majority of enterprises leveraging containerized environments name security among their highest priorities," says Fei Huang, chief strategy officer, at NeuVector. "At the same time, that fact that a disproportionate number of enterprises would sacrifice security for productivity is both troubling and misguided. We advise organizations to recognize security as essential to the success of their container and Kubernetes implementations, and to select security capabilities that can enable development agility while still achieving fully reliable protection."
Among other findings 61 percent of respondents do use Kubernetes Pod security and/or network security policies, and many supplement those native policies with vulnerability scanning, along with network inspection and blocking.
To protect critical applications and data when incidents do occur, enterprises are using a broad range of tools and strategies. While Layer 7 network blocking leads the way as a tactic employed by 32 percent of respondents, nearly as many have adopted Layer 3 and 4 network blocking, network packet capture, container process blocking, file access monitoring, or container quarantining.
66 percent name official Kubernetes documentation as their best source of security information, while 41 percent use information from Kubernetes security vendors, and 39 percent turn to documentation from cloud vendors.
The full report is available from the NeuVector site.
Image credit: maninblack/depositphotos.com