ESG Brief: The Role of DevSecOps in Automating Application Container  Security

Abstract:

The rapid adoption of application containers is creating a new set of cybersecurity challenges and, as a result, an expanded set of requirements for server workload security solutions. Research conducted by ESG shows that containers are moving quickly into production with a side effect of sprawl, as previously experienced by IT departments with the advent of virtual machines. Exploit attacks experienced by many organizations have created concerns about how application container environments—including registry-resident images and orchestration platforms—expose a new set of software, configuration, and access vulnerabilities. ESG research also reveals a strong interest in automating security via DevOps (“DevSecOps”) and shows how these practices allow cybersecurity and operations teams to integrate security in each stage of the continuous integration and continuous delivery (CI/CD) pipeline that governs the build-ship-run phases of the container lifecycle.

Already an ESG client? Log in to read the full report.

Not a client? Please email sales@esg-global.com to learn more about accessing ESG reports.

 

Topics: Cybersecurity Systems Management AWS re:Invent