StackRox, the leader in container and
Kubernetes security, today released the Spring 2019 edition of its
State of Container and Kubernetes
Security Report,
revealing that organizations continue to struggle with container and Kubernetes
security despite the rapid adoption and maturation of these cloud-native
technologies.
Despite rapid container adoption, organizations are
struggling to secure containers
Even though two-thirds of organizations have more than 10%
of their applications containerized, 40% of the organizations remain concerned
that their container strategy does not adequately invest in security. Another
34% report their strategy lacks sufficient detail.
More than 86% of organizations have adopted Kubernetes
The growth from a 57% adoption rate of Kubernetes six
months ago to 86% today represents a staggering 51% increase. Just six months
ago, close to half of organizations (43%) were not using Kubernetes. As
to how they're running Kubernetes, self-managed is the most popular form, with
44% of respondents, followed by Amazon EKS (27%), Azure AKS (16%), Google GKE
(12%) and IBM Red Hat OpenShift (12%).
Hybrid cloud is more than a
buzzword - it is a reality for container deployments
The report findings highlight the
prevalence of on-prem deployments, most of which are in hybrid mode. Nearly
three-quarters (70%) of respondents are running containers on prem, with 53%
running them in hybrid mode, with containers deployed both on prem and in the
public cloud. Only 17% are running containers only on prem, a drop from 31% six
months ago.
Respondents are increasingly concerned about
misconfigurations, accidental exposures, and runtime security risks.
The report shows that 60% of respondents identify
misconfigurations and accidental exposures as their biggest container security
concern, up from 54% six months ago. Runtime remains the container life cycle
phase respondents worry about the most (43%), followed by deploy (35%) and
build (22%).
"Just as with securing IaaS,
missing container and Kubernetes security best practices and human error in
misconfigurations create real threats to organizations and their bottom lines,"
said Mark Bouchard, co-founder and CEO of AimPoint Group. "The consequences of
overlooking security early in the container life cycle will be steep, both in
lost time and money and in risk of exploitation."
Vulnerability management,
compliance, and visibility are the top 3 "must have" capabilities for a
container and Kubernetes security solution.
More than half of respondents
deemed seven core capabilities as "must have" features: vulnerability
management, compliance, visibility, configuration management, runtime threat
detection, network segmentation, and risk profiling and prioritization, in that
order. Vulnerability management tops the list, with 75% of respondents
highlighting it as a must-have capability.
DevOps and DevSecOps are the two
primary groups responsible for container security
About two-thirds of organizations
view DevOps and DevSecOps as the primary groups responsible for
operationalizing container security. DevSecOps was the top group, with 31% of
respondents saying they should run these platforms, up from 24% six months ago.
AWS continues to dominate, but
Azure and Google Cloud Platform are catching up
Nearly 80% of respondents reported
running containers in Amazon Web Services (78%). Google Cloud Platform (GCP)
came in third among cloud providers but gained considerable market share,
growing from 18% to 28% of respondents in the past six months.
"DevOps, containers, and Kubernetes
are the backbone of digital transformation initiatives in every organization
today, but security still needs to catch up," said Kamal Shah, StackRox CEO.
"Organizations are putting the operational benefits of agility and flexibility
at risk by not investing in security. Containers and Kubernetes have moved well
beyond the early adoption phase - security must be built-in from the start, not
bolted-on after the fact, for organizations to securely realize the full
potential of cloud-native technologies."
About the StackRox Container and
Kubernetes Security Report
The Spring 2019 edition surveyed more than 390 IT
professionals across technology, financial services, healthcare, and other
industries. They hail from a variety of company sizes, with 32% at companies of
more than 10,000 employees, 29% between 1001 and 10,000 employees, 30% between
101 and 1000 employees, and 11% at companies of fewer than 100 employees. More
respondents identified as being in a product development or engineering role
(38%) than any other, with 27% in operations, 24% in security or compliance,
and 11% in another IT role.
Download the Spring
2019 State of Container and
Kubernetes Security Report today.