Cloud Native ComputingCXOsDevOpsDevSecOpsNewsSecurity

Security And Compliance Challenges A Top Concern In Container Strategies: StackRox Report


StackRox has released the findings of the State of Containers and Kubernetes Security Report, Fall 2020. Security and compliance challenges continue to be a top concern in container strategies, with 90% of respondents experiencing a security incident in their container and Kubernetes environments over the last 12 months.

The report adds that nearly half of respondents have delayed rolling out applications into production because of security concerns (44 percent).

At the same time, organizations have progressed in developing DevSecOps initiatives (83 percent have some form in place) and in maturing their container and Kubernetes security strategies (only 25 percent lack a strategy).

Further, most respondents are in an early stage of DevSecOps, with 40 percent saying they’re starting to have DevOps and Security teams collaborate on joint policies and workflow.

Another 27 percent say they’re integrating and automating security across the SDLC and 16 percent are implementing security as code. Only 17 percent of organizations have little to no collaboration between the teams.

Kubernetes continues to increase its dominance, with 91 percent of respondents using some form of Kubernetes to manage their containers. Self-managed Kubernetes continues to be popular, with 50 percent of respondents running open-source Kubernetes.

Among managed Kubernetes offerings, Amazon EKS is most popular with 44 percent of respondents, followed by Azure AKS at 31 percent, IBM Red Hat OpenShift at 22 percent, and Google GKE at 19 percent.

Survey respondents cited both an internal skills shortage and a steep learning curve as the two most significant Kubernetes challenges impacting their companies. Those two challenges were identified as impacting 70 percent of organizations.

The hybrid model continues to be the most popular architectural approach to deploying containers, with 44 percent of respondents running containers both on prem and in the cloud.