Container security is rapidly becoming a major concern as containers start to proliferate across the enterprise. A survey of 311 cybersecurity professionals conducted by Dimensional Research on behalf of Tripwire, a provider of IT security software and service, finds that 75 percent of organizations that had more than 100 containers running in a production environment have experienced a least one cybersecurity event.
A total of 94 percent of respondents to the survey, which published this week, still have concerns when it comes to container security and 71 percent of respondents say they expect the number of cybersecurity incidents involving containers to increase in the coming year.
The fact that cybersecurity is becoming a bigger concern is not all that surprising, given the number of containers being deployed in production environments—86 percent of the organizations surveyed are running containers in production environments. Cybercriminals have clearly taken note of the proliferation of containers, and as the volume of containers increases, it becomes more cost-effective for cybercriminals to exploit any weakness in the way containers are configured or deployed.
Unfortunately, only 12 percent of respondents believe they could detect a compromised container within minutes. That lack of faith in container security has resulted in 42 percent of respondents delaying or limiting container adoption due to security concerns. Just about every survey respondent (98 percent) say they will need to develop additional capabilities to secure containers.
Tim Erlin, vice president of product management and strategy for Tripwire, says it’s only a matter of time before adoption of containers sparks a larger conversation concerning best DevSecOps processes within most organizations. In theory, developers should be taking more responsibility for implementing cybersecurity controls during the application development process. But in practice, most organizations are employing containers without much input or guidance from cybersecurity professionals. That lack of oversight is now manifesting itself in the form of more cybersecurity incidents involving containers, Erlin says.
At the same time, most organizations employing containers have yet to add the cybersecurity tools required to manage containers. Currently, containers are, for the most part, invisible to the cybersecurity tools most organizations have in place today.
Erlin says it’s now only a matter of time before more cybersecurity teams focus more on the implications of deploying containers in production environments. Most organizations are embracing containers as part of an effort to accelerate the rate at which applications are deployed. But most of the organizations that have embraced containers to achieve that goal haven’t fully considered the impact containers might have on cybersecurity processes and policies.
For example, IT organizations need to make sure that not only containers are configured properly, but also that the software packaged into those containers has been updated with the latest software patches. It’s still too easy for developers to employ versions of software that are outdated from a cybersecurity perspective because they include known vulnerabilities. At the same time, cybersecurity teams need to be sure cybercriminals are not employing containers to run cryptocurrency mining software on an organization’s servers without anyone noticing.
It’s not likely organizations will stop employing containers because of cybersecurity issues. But it is apparent that long overdue conversations concerning container cybersecurity are about to finally be had.