Survey: Security is top worry as IT container use accelerates

The rush to containers and cloud IT is creating new security risks for companies, as they chase business agility through rapid app development

Cybersecurity skills are in high demand Demand for security staff is up, but some skills are more sought after than others.

There has been a large rise in the number of enterprises running container technologies in production environments over the past two years --  from 67% to 90% according to the 2019 Container Adoption Survey, which polled over 500 IT professionals across different industries and company size.

The survey was commissioned by Portworx, which offers container and cloud-based data management services; and Aqua Security, which helps enterprises secure cloud and container-based application development and production.

The survey found widespread use of container technologies: 87 percent of IT professionals reported running container based applications, with 90% of those apps in production, and 70% reported at least four out of 10 of their portfolio applications running in containers.

"Container technologies are now used to run mission critical enterprise applications, which means security in cloud native environments must be made absolutely bulletproof," said Rani Osnat, VP of Product Marketing at Aqua Security. 

The survey asked about top concerns in using containers. Security was top of mind for 51%, while data management issues were cited by 40%, and 36% worry about cross-cloud/multiple cloud support.

Nearly one in five organizations reported spending more than $1 million annually on container technologies compared -- with just one in 25 in 2016. 

The survey uncovered some differences over which IT teams hold the main responsibilities for security, which could point to a larger issue.

About 47% of respondents working on Dev/Ops teams claimed that Dev/Ops shared a joint responsibility with the main security team, while 51% of respondents that work on the enterprise security team claimed their team had the chief responsibility.  Everyone else mostly agreed, with 31% saying the enterprise security team was in charge, while 24% said the responsibility was held by a joint Dev/Ops enterprise security team. 

For three consecutive years container adoption has been driven by the need for faster app development and deployment. Developer speed and efficiency was cited as the top reason for investments in containers by 37% of respondents. 

Special Feature

IT Jobs in 2020: A Leader's Guide

The demand for IT talent is changing with the evolution toward AI, big data, cloud computing, and automation. Here's how CIOs, IT professionals and IT departments will need to adapt.

Read More

Foremski's Take

It is not surprising that security is a concern -- especially when IT professionals are rushing to meet the demands of the business side by adopting radically new IT architectures, such as cloud and container based technologies, and reorganizing their app development around Dev/Ops and microservices. 

Security in the IT enterprise is already a challenge for current IT organizations, and that's with long-established legacy technologies. That security challenge is compounded as companies move increasing workloads into the public cloud and deployed in containers for maximum efficiency and agility. 

The complexity of such systems and their uncatalogued weaknesses means that IT organizations will have to rely on third-party services to help handle these new data and app security risks. Determining which of the external and internal teams are responsible for which parts of enterprise security will likely be resolved by studying the next large corporate data break-in.