Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organisations, today announced the results of a study examining the security practices and concerns of container technology. Tripwire's study, conducted in partnership with Dimensional Research in November 2018, surveyed 311 IT security professionals who manage environments with containers at companies with over 100 employees.

 

According to a new study by Tripwire that surveyed IT security professionals who manage environments with containers at companies with over 100 employees, a full 60 per cent of respondents reported their organisations have experienced container security incidents in the past year. Further findings reveal to a full extent the vulnerability of security practices and concerns of container technology. 

 

Of the 269 respondents (out of the 311 IT security professionals surveyed) who currently have containers in production, nearly half (47 per cent) said they deployed containers known to have vulnerabilities, while 46 per cent admitted they deployed containers without knowing whether or not they had vulnerabilities.

 

Firms feel pressure to speed up deployment

 

“It’s concerning, but not surprising, that nearly half of the respondents said they knowingly deploy vulnerable containers,” said Tim Erlin, Vice President of Product Management and Strategy at Tripwire – a global provider of security and compliance solutions for enterprises and industrial organisations. “With the increased growth and adoption of containers, organisations are feeling the pressure to speed their deployment. To keep up with the demand, teams are accepting risks by not securing containers. Based on what this study found, we can see that the result is a majority of organisations experiencing container security incidents.”

 

DevOps teams’ increasing use of containers to accelerate software development and deployment has added complexity for security teams. As Tripwire’s study found, 94 per cent of respondents acknowledged they are concerned about container security. Among their concerns, inadequate container security knowledge among teams, limited visibility into the security status of containers and container images, as well as the inability to assess risk in container images prior to deployment ranked the highest.

 

Additional findings from the study

• 75 per cent of respondents whose company has more than 100 containers in production have reported an incident.

• 71 per cent of the total respondents expect the rate of container security incidents to increase in 2019.

• 98 per cent believe they need additional security capabilities. Only 12 per cent believe they could detect a compromised container within minutes.

• 42 per cent have either delayed or limited container adoption due to security concerns.

 

“There's a belief that you have to accept a significant amount of risk to take advantage of containers, but that’s not true,” Mr Erlin added. “Security can and should be embedded into the DevOps lifecycle, incorporating vulnerability and configuration assessment of container infrastructure to monitor risks from build to production."

 

For the complete findings, visit: https://www.tripwire.com/state-of-security/devops/organizations-container-security-incident/