DZone
Security Zone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
  • Refcardz
  • Trend Reports
  • Webinars
  • Zones
  • |
    • Agile
    • AI
    • Big Data
    • Cloud
    • Database
    • DevOps
    • Integration
    • IoT
    • Java
    • Microservices
    • Open Source
    • Performance
    • Security
    • Web Dev
DZone > Security Zone > The State of Container Security: What We Learned From Our Survey

The State of Container Security: What We Learned From Our Survey

Containers are exploding in popularity. But are the proper security mechanisms in place to keep this containerized data safe?

Travis Wilkins user avatar by
Travis Wilkins
·
Oct. 30, 17 · Security Zone · Opinion
Like (1)
Save
Tweet
1.84K Views

Join the DZone community and get the full member experience.

Join For Free

Containers are a big topic of conversation right now — and for good reason. They represent a powerful and transformative shift toward infrastructure that can enable flexibility and rapid development, unlike anything we’ve seen before. However, as containers continue to proliferate, so do the security and compliance issues that surround them. Many in the market do not fully understand these concerns or how to address them. Our recent report with ESG Strategy Group (Threat Stack Cloud Security Report 2017: Security at Speed & Scale) bore this out.

Containers cannot solve every development or infrastructure problem; they are not the panacea that many believe them to be. But they do offer new opportunities that, when used properly, can move your organization forward.

However, like many groundbreaking technologies in the hockey-stick growth phase, containers have not yet developed clear best practices when it comes to security and compliance. Unlike the cloud, there are not many universally applicable and widely understood rules for configuring and maintaining containers.

The ESG Survey Says…

Here’s what we learned from surveying SMBs and mid-tier enterprises about how they are using containers today:

  • 42% of respondents said that they have already deployed containerized product applications.
  • 23% plan to deploy containerized apps over the next year.
  • 22% plan to start testing containers over the same timeframe.

These are significant statistics. It means that about 90% of respondents will be using containers in some way within the next year. Impressively, this represents a growth rate of more than 100% year-to-year.

Now, let’s take a look at where the security and compliance concerns are coming from. Our survey revealed that 94% of respondents believe containers have security implications. That’s a good sign — acknowledgment of these implications is the first step toward addressing them. The concerns range from company to company, but compliance seems to rise to the top for many organizations. In fact, compliance concerns are the number one issue that respondents identified, primarily due to a perceived lack of visibility into containers.

Nearly one-third of respondents (31%) indicated that they are worried about the lack of mature security solutions for containers. The same percentage stated that their current server workload security solutions did not support containers, which means they will have to add a new tool — leading to new costs and increased complexity. Another 28% are concerned that a single infected container could easily spread to others, while 16% identified the portability of containers as a reason why they could be more susceptible to “in motion” compromise.

These are all valid security concerns, and ones that every organization would do well to research before adopting containers en masse.

Where Is the Market Headed?

As adoption of containers continues to increase, so too do the concerns around security. A lack of sufficient solutions to address this is a primary reason companies are fearful. Many respondents don’t believe that their existing tools can adequately secure containers, and in many cases these fears are valid.

That said, the fears outlined above can be allayed by the implementation of a comprehensive intrusion detection platform (IDP) that is infrastructure-agnostic (from on-prem to cloud to container) and that is able to catch and respond to everything from configuration errors to garden-variety malware to advanced persistent threats.

With market penetration for containers predicted to hit 90% within the year, it is fair to say that containers represent both opportunity and challenge. For those who are able to approach them with clear eyes and understand what purpose they serve and what strengths and weaknesses they have, containers can be a key part of many growth strategies.

Container security

Published at DZone with permission of Travis Wilkins, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • Image Classification Using SingleStore DB, Keras, and Tensorflow
  • Building a Kotlin Mobile App with the Salesforce SDK, Part 3: Synchronizing Data
  • Waterfall Vs. Agile Methodologies: Which Is Best For Project Management?
  • 3 Predictions About How Technology Businesses Will Change In 10 Years

Comments

Security Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • MVB Program
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends:

DZone.com is powered by 

AnswerHub logo