Rise of DevOps exposes organizations to risk via container vulnerabilities
Tripwire, Inc., a leading global provider of security and compliance
solutions for enterprises and industrial organizations, today announced
the results of a study examining security practices and concerns
surrounding container technology. Tripwire’s study, conducted in
partnership with Dimensional Research in November 2018, surveyed 311 IT
security professionals who manage environments with containers at
companies with over 100 employees.
According to Tripwire’s study, 60 percent of respondents reported their
organizations have experienced container security incidents in the past
year. Yet, of the 269 respondents who currently have containers in
production, 47 percent said they deployed containers known to have
vulnerabilities, while 46 percent admitted they deployed containers
without knowing whether or not they had vulnerabilities.
“It’s concerning, but not surprising, that nearly half of the
respondents said they knowingly deploy vulnerable containers,” said Tim
Erlin, vice president of product management and strategy at Tripwire.
“With the increased growth and adoption of containers, organizations are
feeling the pressure to speed their deployment. To keep up with the
demand, teams are accepting risks by not securing containers. Based on
what this study found, we can see that the result is a majority of
organizations experiencing container security incidents.”
DevOps teams’ increasing use of containers to accelerate software
development and deployment has added complexity for security teams. As
Tripwire’s study found, 94 percent of respondents acknowledged they are
concerned about container security. Among their concerns, inadequate
container security knowledge among teams, limited visibility into the
security status of containers and container images, as well as the
inability to assess risk in container images prior to deployment ranked
the highest.
Additional findings from the study include:
- Seventy-five percent of those with more than 100 containers in
  production have reported an incident.
- Seventy-one percent of the total respondents expect the rate of
  container security incidents to increase in 2019.
- Ninety-eight percent believe they need additional security
  capabilities. Only 12 percent believe they could detect a compromised
  container within minutes.
- Forty-two percent have either delayed or limited container adoption
  due to security concerns.
Erlin added: “There’s a belief that you have to accept a significant
amount of risk to take advantage of containers, but that’s not true.
Security can and should be embedded into the DevOps life cycle,
incorporating vulnerability and configuration assessment of container
infrastructure to monitor risks from build to production.”
For the complete findings please visit: https://www.tripwire.com/state-of-security/devops/organizations-container-security-incident/
