Almost half of containers in production have vulnerabilities, study finds
More containers are being deployed in production, but many businesses are unaware if they are secure
Almost half of businesses have experienced a security issue with containers, according to a survey of IT security professionals conducted by Dimensional Research for Tripwire.
Of the 269 IT professionals surveyed who manage production environments with containers at companies with more than 100 employees, 46% did not know whether their containers were secure and 47% admitted they had containers in production with vulnerabilities. Overall, 60% of respondents to the survey reported that their organisation had experienced container security incidents in the past year.
The study also found that 94% of respondents acknowledged they were concerned about container security. Their biggest concerns were inadequate container security knowledge among teams, limited visibility into the security status of containers and container images, and the inability to assess risk in container images prior to deployment.
Containers are increasingly being deployed in organisations to support DevOps. According to Tripwire’s study, one-third of the IT professionals said they had between 10 and 100 containers in production environments, and 19% said they had between 100 and 500 containers live in production.
Tim Erlin, vice-president of product management and strategy at Tripwire, said: “With the increased growth and adoption of containers, organisations are feeling the pressure to speed their deployment. To keep up with demand, teams are accepting risks by not securing containers. Based on this study, we can see that a majority of organisations are experiencing container security incidents.”
As Computer Weekly has reported previously, enterprises that deploy containers in production are also deploying vulnerability scanners to ensure the container image is not compromised. For instance, utility firm Ovo uses popular open source tools to scan container images for known vulnerabilities.
“Our systems and practices are good because one of the threats with containers is breakout,” said Chris Smith, a developer and containers-advocate at Ovo.