Findings highlight differences in security focus and ownership based on respondents’ roles, experience with containers, and maturity of deployment
Tel Aviv, Israel and Copenhagen, Denmark: 18, October 2017: Aqua Security, the market-leading container security platform provider today announced the results of its first annual ‘Container Security in the Enterprise’ survey. With companies such as Facebook, Netflix and Google heralding the use of containers for their agility, portability, and cost benefits — enterprises are following suit. But the introduction of new processes and changes to infrastructure require a significant shift in focus.
Aqua sought to answer the question, “What does this all mean for security?”
To learn the current state of container security in the enterprise, Aqua Security surveyed 512 individuals meeting the criteria of using containers in development or production today, or planning to use them in the near future. In addition to the parameters listed above, Aqua’s report also examines how views on these topics vary by experience, adoption, role and company size.
“Our goal was to analyze how different roles, company sizes, and levels of adoption affect approaches to security in this rapidly evolving market” said Rani Osnat, Vice President of Marketing of Aqua Security. “The survey results show that while Security teams desire sole governance of the topic, their familiarity with containers is lagging when compared with those with hands-on development and deployment experience. IT professionals across all roles understand that how they manage security will have to change, and DevSecOps will become a reality, whether by embedding security within DevOps, by building cross-functional teams, or other methods.”
Key insights from Aqua’s ‘Container Security in The Enterprise’ survey include:
- 50% of respondents have container applications in production
- 80% see room for improvement for handling security in the container era
- 53% overall rank vulnerabilities in images and code as a top security focus area
- For those running multiple container apps in production, managing ‘secrets’ is their main focus.
- Companies with multiple container applications in production place container security today in the hands of DevOps – future ownership is seen as shifting to DevSecOps
The report also contains plenty of in-depth information about container orchestrators and other required eco-system technologies being used by respondents, as well as granular detail and breakdowns of the findings highlighted above.
“The significant change that containers introduce to application delivery and deployment requires a more collaborative approach by security and DevOps teams. Organizations would do well to embed security early into the process, rather than apply security controls after the fact,” said Doug Cahill, Senior Analyst, Cybersecurity at Enterprise Strategy Group
Survey Data Sources and methodology
Aqua collected survey data from 512 respondents both online and at 2017 DockerCon NA held in Austin, Texas. More detailed information on Aqua’s methodology and process is detailed in the report.
The full report is available for download at aquasec.com/survey
About Aqua Security
Aqua Security enables enterprises to secure their container-based applications from development to production, accelerating container adoption and bridging the gap between DevOps and IT security. Aqua’s Container Security Platform provides full visibility into container activity, allowing organizations to detect and prevent suspicious activity and attacks in real time. Aqua was founded in 2015 and is backed by Lightspeed Venture Partners, TLV Partners, Microsoft Ventures, and IT security leaders, and is based in Israel and San Francisco, CA. For more information, visit www.aquasec.com or follow us on twitter.com/AquaSecTeam.