This week StackRox launched the industry’s first-ever State of Container Security report. To compile the findings, we surveyed more than 230 IT leaders across operations and security roles. Some responses came as no surprise – the dominance of Docker and Kubernetes, for example, or the breadth of industries using containers to accelerate application rollout.
But many results did surprise us – including the extent to which security leads the list of concerns about companies’ container strategies. We’ll recap a few of the key findings here – you can check out our infographic to get the highlights, our press release to understand the broader story, and the full report to see all the data points and analysis, including commentary from CyberEdge Group.
Container Security Concerns
A few data points highlight the angst companies are feeling about securing their container environments. Among the responses are:
- 50% are worried their container strategies don’t invest enough in container security or take threats seriously enough
- More than 70% have container security strategies that are non-existent, still in planning mode, or just basic
- 54% are most concerned about misconfigurations and exposures, with only 17% worried about attacks
- Runtime security concerns dominate, with 44% of respondents focused on that phase of the container life cycle vs. 26% concerned with the build phase and 30% most concerned about deployment
Containers in the Cloud, but More On Prem
People associate running containers with running in the cloud, but respondents are running containers on prem more than in the cloud. They’re also taking responsibility for managing their containers more than they are relying on public cloud services. Key findings about cloud deployments include:
- 70% are running containers on prem, including those running them both on prem and in the cloud
- 32% are running containers only on prem
- 28% are running containers only in the cloud
- 40% are running containers in both cloud and on-prem deployments
- Of those running in the cloud, 29% are using multiple cloud providers
- 67% are managing their own containers
Container Security – A DevOps Responsibility
Our respondents included a preponderance of security folks, with 43% identifying themselves as part of the security team and 31% saying they work in operations. Despite this imbalance, a high majority of respondents say DevOps teams should run container security platforms. When asked who should be responsible for operating a container security platform, our respondents identified these groups:
- 31% DevOps
- 24% DevSecOps
- 28% Security
- 14% Operations
Responses to additional questions about which systems container security platforms should tie into reiterate the central role of DevOps, with build automation and developer tools topping the list.
Our survey collected data across a much broader set of questions as well, including:
- the percent of applications containerized
- the percent of containers running in production
- how those percentages are expected to grow in a year
- the deployment environments including bare metal vs. VMs
- the ways in which containers are changing how DevOps and Security work together
Get the full report and see how your organization stacks up.