ESG data indicates that cybersecurity pros have problems around the nuances of container technology and implementing container-centric security controls. Credit: Jim Bahn The industry is gaga for container technologies like Docker and for good reason. According to ESG research, containers make up about 19 percent of hybrid cloud production workloads today, but in just two years’ time, containers will make up one-third of hybrid cloud production workloads. (Note: I am an ESG employee.) Container security issuesNot surprisingly, cybersecurity professionals say rapid growth and proliferation of application containers have led to several security issues:35 percent say their organization’s current server workload security solutions do no support the same functionality for containers, requiring the use of separate container security technologies. This adds cost and complexity to safeguarding valuable IT assets.34 percent say they need to verify that images stored in container registries meet their organization’s security and compliance requirements. Again, they tend to need specialized tools to accomplish this task.33% say there is a lack of mature solutions available for container security. This is understandable, as container security is dominated by startups and point tools at present (i.e. Aporeto, Aqua Security, Cavirin, CloudPassage, Layered Insight, Neuvector, StackRox, Twistlock, etc.). We are seeing more and more coverage from established players, as well, including Tenable Networks, Trend Micro, VMware, etc. Cybersecurity pros should pay close attention to this market because vendors and tools are evolving quickly. 30% say the potential for container sprawl creates loose access controls between containers that could leave their production environment more vulnerable. This indicates process and management problems that lead to security vulnerabilities. 27% say portability makes containers more susceptible to “in motion” compromises. And a lot of security pros don’t have the tools to monitor transient containers and microservices as they appear and disappear. Like server virtualization and public cloud workloads of the past, containers remain an unfamiliar animal to many security professionals today, but this is unacceptable given the number of production containers deployed today (as well as aggressive future container deployment plans). In cybersecurity, uncertainty and limited knowledge equal increased risk. So, what should organizations do for container security? More on this soon. Until then, my colleague Doug Cahill offered some guidance on hybrid cloud security in the fantastic presentation he did at last month’s RSA Security Conference. Related content analysis 5 things security pros want from XDR platforms New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform. By Jon Oltsik Jul 07, 2022 3 mins Intrusion Detection Software Incident Response opinion Bye-bye best-of-breed? ESG research finds that organizations are increasingly integrating security technologies and purchasing multi-product security platforms, changing the industry in the process. By Jon Oltsik Jun 14, 2022 4 mins Security Software opinion SOC modernization: 8 key considerations Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole. By Jon Oltsik Apr 27, 2022 6 mins RSA Conference Security Operations Center opinion 5 ways to improve security hygiene and posture management Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies. By Jon Oltsik Apr 05, 2022 4 mins Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe