Security Experts:

Container Deployment Grows, Security Concerns Linger: Survey

While container adoption is likely to surge over the next few years, concerns around security, certification and adequate skills remain, according to a recent survey commissioned by Red Hat.

The results of the survey, which tapped more than 383 global IT decision makers and professionals, revealed that 67 percent of respondents plan to have production rollouts of containers over the next two years.

Additionally, 50 percent of survey respondents said that they plan to use container-based applications in cloud roles, and 56 percent said containers would be used as vehicles for running web and e-commerce software.

Application development enhancements dominated as the top benefits of containers, with faster application deployment and reduced deployment effort topping the list at 60 percent each, Red Hat said, noting that forty-four (44) percent of respondents see containers as a means to consolidate existing servers.

The survey also showed that virtual machines are currently the preferred deployment method, with 83 percent of respondents planning to deploy containerized application implementations on top of virtual environments.

But what about container security?

Despite strong enterprise adoption plans for containers, the survey results highlighted a number of concerns, including:

• Security and a lack of certification/image provenance (60 percent of respondents)

• Integration with existing development tools and processes (58 percent)

• Management (55 percent)

• Existing knowledge and skills (54 percent)

Finally, open source remains the dominant platform in the container world, with more than 95 percent of respondents planning container development on the Linux operating system.

Internal champions remain at the grassroots (39 percent) and middle management (36 percent) levels, with upper management and CIO directives playing limited roles in containerized application adoption within the enterprise, according to survey respondents.

Similar to virtual machines, containers benefit from resource isolation and allocation, but do not rely on an OS kernel, making them faster and more portable than virtual machines. However, containers hosted on the same machine must all use the same kernel, perhaps a reason for sparking security concerns by some.

“On a fundamental level, container security is equivalent to hypervisor security,” explained SecurityWeek columnist David Holmes in a recent column. “If you can suspend your disbelief about security to the point where you accept the additional layer of risk because there is no “air gap,” then you’ve got to be good with both hypervisors and containers.”

“The promise of container efficiency is leading some to predict that containers will eventually replace traditional virtualization systems,” Holmes added. “The ability to spin up containers in a second or less means they will proliferate to deliver their value and then disappear, allowing the underlying operating system to boost the efficiency of the application’s circulatory system.”

“Ultimately, containers represent a significant paradigm shift for enterprise application development and deployment, whether used to modernize existing applications to build net new web or cloud-native workloads, or enable DevOps,” Tim Yeaton, senior vice president, Infrastructure Business at Red Hat, said in a statement.

“Large scale enterprise adoption can be accelerated by addressing enterprises' concerns about security, management, and developing the right skills,” Yeaton said.

The survey, conducted online during Q2 2015, represented organizations ranging from Fortune 500 companies to state and local governments.

Related Reading: Disrupting the Disruptor: Security of Docker Containers 

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.