Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Application Security

Container Deployment Grows, Security Concerns Linger: Survey

While container adoption is likely to surge over the next few years, concerns around security, certification and adequate skills remain, according to a recent survey commissioned by Red Hat.

While container adoption is likely to surge over the next few years, concerns around security, certification and adequate skills remain, according to a recent survey commissioned by Red Hat.

The results of the survey, which tapped more than 383 global IT decision makers and professionals, revealed that 67 percent of respondents plan to have production rollouts of containers over the next two years.

Additionally, 50 percent of survey respondents said that they plan to use container-based applications in cloud roles, and 56 percent said containers would be used as vehicles for running web and e-commerce software.

Application development enhancements dominated as the top benefits of containers, with faster application deployment and reduced deployment effort topping the list at 60 percent each, Red Hat said, noting that forty-four (44) percent of respondents see containers as a means to consolidate existing servers.

The survey also showed that virtual machines are currently the preferred deployment method, with 83 percent of respondents planning to deploy containerized application implementations on top of virtual environments.

But what about container security?

Despite strong enterprise adoption plans for containers, the survey results highlighted a number of concerns, including:

Advertisement. Scroll to continue reading.

• Security and a lack of certification/image provenance (60 percent of respondents)

• Integration with existing development tools and processes (58 percent)

• Management (55 percent)

• Existing knowledge and skills (54 percent)

Finally, open source remains the dominant platform in the container world, with more than 95 percent of respondents planning container development on the Linux operating system.

Internal champions remain at the grassroots (39 percent) and middle management (36 percent) levels, with upper management and CIO directives playing limited roles in containerized application adoption within the enterprise, according to survey respondents.

Similar to virtual machines, containers benefit from resource isolation and allocation, but do not rely on an OS kernel, making them faster and more portable than virtual machines. However, containers hosted on the same machine must all use the same kernel, perhaps a reason for sparking security concerns by some.

“On a fundamental level, container security is equivalent to hypervisor security,” explained SecurityWeek columnist David Holmes in a recent column. “If you can suspend your disbelief about security to the point where you accept the additional layer of risk because there is no “air gap,” then you’ve got to be good with both hypervisors and containers.”

“The promise of container efficiency is leading some to predict that containers will eventually replace traditional virtualization systems,” Holmes added. “The ability to spin up containers in a second or less means they will proliferate to deliver their value and then disappear, allowing the underlying operating system to boost the efficiency of the application’s circulatory system.”

“Ultimately, containers represent a significant paradigm shift for enterprise application development and deployment, whether used to modernize existing applications to build net new web or cloud-native workloads, or enable DevOps,” Tim Yeaton, senior vice president, Infrastructure Business at Red Hat, said in a statement.

“Large scale enterprise adoption can be accelerated by addressing enterprises’ concerns about security, management, and developing the right skills,” Yeaton said.

The survey, conducted online during Q2 2015, represented organizations ranging from Fortune 500 companies to state and local governments.

Related Reading: Disrupting the Disruptor: Security of Docker Containers 

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...