Security continues to be a concern for container strategies. A recent report by the container security company StackRox found that 44% of respondents delayed rolling out applications into production because of security concerns and that security incidents among respondents remain high at 90%.
“Rolling out an application that hasn’t passed a security assessment puts the business at too great a risk. To prevent delays in application deployment and realize the benefits of containers and Kubernetes, organizations must shift left with security, building it into the development phase so they can address as many security challenges as possible during the build stage,” StackRox stated in the report.
Human error is the most often cited cause of data breaches and hacks, as getting all configurations right for Kubernetes and container environments is challenging even for seasoned developers, according to StackRox.
Twenty percent of respondents experienced both a misconfiguration and at least one more security incident during the last 12 months.
“The fact that organizations are experiencing a combination of events is critical – a misconfiguration by itself might not be harmful, but when compounded by an exploitable vulnerability, for example, it can pose a much greater risk for a breach,” the report stated.
However, the majority of organizations, 83%, said that they are developing some sort of DevSecOps initiative to counter these security problems.
Taken together, DevOps, Ops, and DevSecOps teams, at 61%, outpaced security teams as the ones primarily responsible for container security. Only 29% of respondents consider the security team the party most responsible for securing containers and Kubernetes.
Meanwhile, 43% of respondents have either integrated security across the entire container life cycle or are enforcing security policies as code.
“With the continued move towards containerization, organizations should prioritize automating security in the CI pipeline, securing the Kubernetes infrastructure, and implementing runtime controls to deliver full life cycle security,” the report stated.
Not only are organizations containerizing more of their apps – they’re also running more of those containerized apps in production.
The percentage of organizations with more than half their containers running in production jumped from 29% to 33% in the past eight months, a growth rate of 14%. Also, 44% of respondents deploy containers in hybrid mode while 41% have selected a cloud-only strategy.