As DevOps continue to entice companies looking for streamlined operations, future initiatives might be stymied by poor shipping container security. In fact, a recent Tripwire study of 311 IT security professionals working for companies with more than 100 employees found that 60 percent of the firms experienced a container security incident in 2018.
“It’s concerning, but not surprising, that nearly half of the respondents said they knowingly deploy vulnerable containers,” Tim Erlin, vice president of product management and strategy at Tripwire, said in a statement. “With the increased growth and adoption of containers, organizations are feeling the pressure to speed their deployment. To keep up with the demand, teams are accepting risks by not securing containers. Based on what this study found, we can see that the result is a majority of organizations experiencing container security incidents.”
The Tripwire “State of Container Security Report” found that 94 percent of respondents were concerned about container security, 60 percent have experienced security incidents in the past year, 47 percent have vulnerable containers in production and 46 percent are unsure of the security of their containers.
The study found that 86 percent of surveyed organizations had containers in production, and that of those with more than 100 in production, 75 percent suffered a security event; 42 percent said that container adoption was limited due to security concerns; 98 percent said that they wanted additional security and 82 percent are considering new security protocols in light of reported breaches.
According to Tripwire, companies looking to embed security into their DevOps lifecycle can “do so by applying security controls like vulnerability management and monitoring/auditing across their containers including the build environment, container security testing and validation processes and runtime containers.”
— Tripwire (@TripwireInc) January 17, 2019