Even as companies move to embrace cloud deployments and containers, most organizations with such deployments don’t feel prepared to adequately secure cloud-native applications.
According to StackRox’ State of Container Security report, which polled about 230 respondents in the U.S., more than a third of organizations worry that their security strategies don’t adequately address container security. An additional 15 percent believe their strategies don’t take seriously enough the threat to containers and, specifically, Kubernetes deployments.
Perhaps most concerning, more than one-third of respondents haven’t started or are just creating their security strategy plans.
Overall, the report paints the picture that despite rapid cloud and virtual server adoption, security is still lagging significantly.
Digging into the sources of concern over container security, survey respondents focused on misconfigurations and runtime security (i.e., post-deployment) as their primary sources of concern.
Fifty-four percent of respondents said risks driven by misconfigurations and accidental exposures is their primary concern. The stat isn’t that surprising given the rash of high-profile cloud misconfigs that have led to significant data exposures.
“Human error has been responsible for creating the majority of security risks in every wave of infrastructure changes, and it’s no different with containers and Kubernetes,” said Mark Bouchard, CEO of CyberEdge Group, told Threatpost. “It’s crucial that the security tooling for this infrastructure automatically flags the most well-known misconfigurations across the full ecosystem.”
Another 44 percent of survey respondents indicated that runtime, vs. the build and deploy phases, is what they’re most concerned about from a security perspective.
As for who in the organization should take lead running container security, DevOps and DevSecOps top the list. This indicates that deeper container security planning, further integration among DevOps and security teams, and the more widespread adoption of key security technologies are necessary to increase the holistic security of containers and Kubernetes deployments, according to the report.
“The influence of DevOps and the fast uptake in containerization and Kubernetes have made application development more seamless, efficient and powerful than ever. Yet, our survey results show that security remains a significant challenge in enterprises’ container strategies,” said Kamal Shah, StackRox CEO. “Containers provide a natural bridge for collaboration between DevOps and security teams but they also introduce unique risks that, if left unchecked, can create real risks for the enterprise.”
The good news however, is that teams have started working together more to address these risks.