A new report from threat detection startup StackRox Inc., written in conjunction with CyberEdge Group, has found that most organizations do not feel prepared to adequately secure cloud-native applications despite surging adoption of containers and Kubernetes.

The inaugural “The State of Container Security” report released today, based on a survey of more than 230 information technology staff at primary companies with more than 10,000 employees across multiple industries found that a third of respondents believed that their organization doesn’t address container security at all. An additional 15 percent said that existing strategies don’t take threats to containers and Kubernetes seriously enough.

Containers are software that encapsulates applications in a way that they can be run on multiple computer environments, in on-premises data centers or in private and public clouds, without rewriting the code. They’re managed or “orchestrated” by the open-source software Kubernetes.

Some 54 percent of respondents said that risks driven by misconfigurations and accidental exposures are their primary concern, while 44 percent indicated that security during runtime, more than during the build-and-deploy phase, is what they’re most concerned about.

The reports noted that the dominance of concerns over misconfigurations is likely the result of a number of recent high-profile attacks and exposures on Kubernetes deployments, such as the theft of data from Tesla Inc. in February.

While focusing on security, the report also offered some general stats on the deployment of containers and Kubernetes. Seventy percent of respondents overall said they’re running containers on-premises, with 32 percent running only on-premises. Forty percent are running containers in hybrid environments, and only 30 percent are running only in the cloud.

“The DevOps-induced ‘shift left’ approach enabled by containerization is fundamentally changing how developers and security teams are interacting in the enterprise, forcing alignment and collaboration like never before,” Mark Bouchard, vice president of research and chief operating officer of the CyberEdge Group, said in a statement. “For organizations to realize more of the technical advantages of microservices, containers and Kubernetes, they will need container security technologies that integrate increasingly early into the software development life cycle.”

The report concluded that deeper container security planning, further integration among DevOps and security teams, and the more widespread adoption of key security technologies are necessary to improve the security of containers and Kubernetes deployments. A full copy of the report including conclusions and key implications for organizations can be obtained here.

Photo: Pixabay