Container Deployments Bring Security Woes at DevOps Speed

  /     /     /  
Publicated : 23/11/2024   Category : security


Container Deployments Bring Security Woes at DevOps Speed


Nearly half of all companies know that theyre deploying containers with security flaws, according to a new survey.



Companies are rushing to deploy containers in their application infrastructure — and in that rush, theyre deploying containers that they know are insecure. Thats one of the conclusions reached in a new report that looks at the state of container security.
The
Tripwire State of Container Security Report
was conducted in partnership with Dimensional Research. The study finds that companies are unsure about container security, and theyre paying a price for that insecurity.
That price is paid in security incidents: 60% of those surveyed say that their organization suffered a container security breach in the last year. Tim Erlin, vice president of product management and strategy at Tripwire, says that he was surprised by that number because there are relatively few reports of container breaches in the news media.
And the security issues dont mean that companies arent concerned with security. Ninety-four percent of respondents to the survey say that security is one of their significant container concerns. The first thing they want is how to detect bad things happening; the second is how to prevent those bad things, says Erlin.
Not surprisingly, the level of concern tends to rise with the number of deployed containers. Thirty-four percent of those with fewer than 10 containers describe themselves as very concerned about security, while 54% of those with more than 100 containers deployed describe themselves with the same language.
The solution for the container security problem lies in the development cycle, Erlin says. The way to address container security is to build security controls into the DevOps process. If youre looking for vulnerabilities or mis-compliance, you want to find them in the build ahead of deployment, and you want to make sure the process will allow them to be fixed before deploying, he explains.
Too many companies are using traditional security scanning processes, in which they scan for vulnerabilities when the application is deployed, and then try to fix issues in a DevOps process — and theyre finding that it doesnt work, Erlin says. The problem isnt primarily with the tools theyre using.
I dont think this is a technology challenge as much as an adoption challenge. There are tools available today in a variety of quality from a variety of companies, but we havent seen DevOps organizations adopting them as part of the build process, Erlin says. Looking ahead, though, he sees promise in the form of new employees being hired to work with containers.
I was talking to an analyst this morning, and he said that companies are seeing new hires bring the container technology with them from their time in colleges and universities, he says. Still, the new hires are no quick fix: 71% of those in the survey say that they expect to see more container security incidents in the coming year.
Related Content:
Security at the Speed of DevOps: Maturity, Orchestration, and Detection
Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots
7 Non-Computer Hacks That Should Never Happen
Qualys Snaps Up Container Firm
Simplify Everything: Google Talks Container Security in 2019

Last News

▸ Sony, XBox Targeted by DDoS Attacks, Hacktivist Threats ◂
Discovered: 23/12/2024
Category: security

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Container Deployments Bring Security Woes at DevOps Speed