Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

IT Teams Question Security of App Containers: Survey

Container technologies are becoming increasingly popular among IT decision makers lately, as they offer a means to deploy applications faster when compared to traditional methods. 

Container technologies are becoming increasingly popular among IT decision makers lately, as they offer a means to deploy applications faster when compared to traditional methods. 

As container technology startup Docker explains on its website, containers “wrap up a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries – anything you can install on a server.”

Although containers speed up app deployment and reduce costs, many concerns surround the rather new technology being deployed in data centers around the world. According to a recent survey of 272 IT decision makers in North America conducted by container security specialist Twistlock, 91 percent of the respondents said they were concerned about the security of containers. 

Earlier this year, a Red Hat survey found that security is only one of the concerns regarding containers, in addition to integration effort, management, and existing knowledge and skills required to manage containers.

Despite those concerns, containers are widely adopted, with 86 percent of the respondents in Twistlock’s survey saying that their companies have already deployed containers or plan on doing so in the next 12 months. Additionally, 35 percent of IT admins said that containers are already widely used across their enterprise infrastructure

The survey also revealed that 81 percent of IT decision makers who do not use containers in their networks would adopt a container strategy, should in-container security be provided. Furthermore, 40 percent of respondents admitted that they have no container security strategy, and 62 percent said they run containers within virtual machines.

When asked about the values of container security, 83 percent of the respondents said that they were looking for a consistent model from development through to production. Meanwhile, 82 percent were interested in preventing development mistakes from reaching production, and 80 percent valued the ability to detect vulnerabilities in containers.

55 percent of the respondents said that they use 100 or more containers during normal operations, while most of them said they were using Docker as the source for container images (49 percent use Docker Hub and 50 percent use Docker Trusted Registry).

“This survey shows what Twistlock has known all along—that even though containers are accessible and easy to deploy, many companies do not have a good grasp of how to manage container security. This remains a major adoption hurdle that is keeping data centers from migrating to containers completely” said Ben Bernstein, CEO of Twistloc, which helps customers identify vulnerabilities and enforce security policies across the container lifecycle,

While security concerns can be expected for any new technology, a recent Gartner analysis of Docker security largely gives Docker security a thumbs up, F5’s David Holmes highlighted in a recent SecurityWeek column.

“On a fundamental level, container security is equivalent to hypervisor security,” Holmes wrote. “If you can suspend your disbelief about security to the point where you accept the additional layer of risk because there is no “air gap,” then you’ve got to be good with both hypervisors and containers. Sure, Docker is not as mature as VMware, but that’s just one parameter in your equation—as container security matures, the reduced threat surface may lead to fewer vulnerabilities than full virtual machines.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...