Containers are Here! What About Container Security?

GettyImages-663959138The industry is gaga for container technologies like Docker and for good reason. According to ESG research, containers make up about 19% of hybrid cloud production workloads today, but in just 2 years’ time, containers will make up one-third of hybrid cloud production workloads. 

Not surprisingly, rapid growth and proliferation of application containers have led to several security issues:

  • 35% of cybersecurity professionals claim that their organization’s current server workload security solutions do no support the same functionality for containers, requiring the use of separate container security technologies. This adds cost and complexity to safeguarding valuable IT assets.
  • 34% of cybersecurity professionals claim that they need to verify images stored in container registries meet their organization’s security and compliance requirements. Again, they tend to need specialized tools to accomplish this task.
  • 33% of cybersecurity professionals claim that there is a lack of mature solutions available for container security. This is understandable as container security is dominated by startups and point tools at present (i.e., Aporeto, Aqua Security, Cavirin, CloudPassage, Layered Insight, Neuvector, StackRox, Twistlock, etc.). We are seeing more and more coverage from established players as well like Tenable Networks, Trend Micro, VMware, etc. Cybersecurity pros should pay close attention to this market as vendors and tools are evolving quickly. 
  • 30% of cybersecurity professionals claim that the potential for container sprawl creates loose access controls between containers that could leave their production environment more vulnerable. This indicates process and management problems that lead to security vulnerabilities. 
  • 27% of cybersecurity professionals claim that portability makes containers more susceptible to “in motion” compromises. And a lot of security pros don’t have the tools to monitor transient containers and microservices as they appear and disappear. 

Like server virtualization and public cloud workloads of the past, containers remain an unfamiliar animal to many security professionals today, but this is unacceptable given the number of production containers deployed today (as well as aggressive future container deployment plans). In cybersecurity, uncertainty and limited knowledge equal increased risk. 

So, what should organizations do for container security? More on this soon but here’s a hint – check out the fantastic hybrid cloud security presentation my colleague Doug Cahill did at last month’s RSA Security Conference. 

Topics: Cybersecurity Systems Management