IT disaster recovery, cloud computing and information security news

Study looks at IT security practices and concerns related to container technology

Tripwire, Inc., has released the results of a study examining container technology security practices and concerns. The study, conducted in partnership with Dimensional Research in November 2018, surveyed 311 IT security professionals who manage environments with containers at companies with over 100 employees.

According to the study, 60 percent of respondents reported that their organizations have experienced container security incidents in the past year. Yet, of the 269 respondents who currently have containers in production, 47 percent said they deployed containers known to have vulnerabilities, while 46 percent admitted they deployed containers without knowing whether or not they had vulnerabilities.

"It’s concerning, but not surprising, that nearly half of the respondents said they knowingly deploy vulnerable containers,” said Tim Erlin, vice president of product management and strategy at Tripwire. “With the increased growth and adoption of containers, organizations are feeling the pressure to speed their deployment. To keep up with the demand, teams are accepting risks by not securing containers. Based on what this study found, we can see that the result is a majority of organizations experiencing container security incidents."

DevOps teams’ increasing use of containers to accelerate software development and deployment has added complexity for security teams. As Tripwire’s study found, 94 percent of respondents acknowledged they are concerned about container security. Among their concerns, inadequate container security knowledge among teams, limited visibility into the security status of containers and container images, as well as the inability to assess risk in container images prior to deployment ranked the highest.

Additional findings from the study include:

  • 75 percent of those with more than 100 containers in production have reported an incident.
  • 71 percent of the total respondents expect the rate of container security incidents to increase in 2019.
  • 98 percent believe they need additional security capabilities. Only 12 percent believe they could detect a compromised container within minutes.
  • 42 percent have either delayed or limited container adoption due to security concerns.

Erlin added: "There's a belief that you have to accept a significant amount of risk to take advantage of containers, but that’s not true. Security can and should be embedded into the DevOps life cycle, incorporating vulnerability and configuration assessment of container infrastructure to monitor risks from build to production."

More details.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.