StackRox Report: Misconfigurations and Runtime Security Top Enterprise Concerns in Containers and Kubernetes Deployments

Industry’s First “State of Container Security” Report Finds that Organizations Consider Their Container Security Strategies Lacking and Expect Operations Teams to Lead Security Efforts

MOUNTAIN VIEW, Calif.--()--StackRox, a leader in security for containers and Kubernetes, today released its inaugural report, “The State of Container Security,” which found that most organizations do not feel prepared to adequately secure cloud-native applications, despite the surging adoption of containers and Kubernetes.

The StackRox report aimed to understand how container and Kubernetes adoption trends intersected with security concerns — how prepared organizations felt to handle security, how the environments in which they were running containers affected security, and who in the organization bore the greatest responsibility for container security. Notable findings from “The State of Container Security” report include:

  • More than a third of organizations with concerns about their container strategy worry that their strategies don’t adequately address container security
  • An additional 15 percent believe their strategies don’t take seriously enough the threat to containers and Kubernetes deployments
  • More than one-third of respondents haven’t started or are just creating their security strategy plans

Digging into the sources of concern over container security, survey respondents focused on misconfigurations and runtime security as their primary sources of concern:

  • Fifty-four percent of respondents said risks driven by misconfigurations and accidental exposures is their primary concern
  • A near majority of respondents, 44 percent, indicated that runtime, vs. build and deploy, is the phase they are most concerned about from a security perspective

Despite the concerns over the runtime phase of the lifecycle, the dominance of concerns over misconfigurations is likely the result of a number of recent high-profile attacks and exposures on Kubernetes deployments, such as the cryptomining attack on Tesla’s deployment on Amazon Web Services and Shopify’s publishing of the risk of Kubernetes metadata exposure.

Infrastructure portability is often cited as one of the top reasons to run containers and Kubernetes, and the StackRox report highlights the dominance of hybrid deployment. A surprising percentage of respondents are running their containerized applications only on premise, however:

  • Seventy percent of respondents overall are running containers on premise, with 32 percent running only on premise
  • About 40 percent of respondents are running containers in hybrid environments, both on premise and in the cloud
  • Just under 30 percent of respondents are running only in the cloud

As for who in the organization should take lead running container security, DevOps and DevSecOps top the list.

“The DevOps-induced ‘shift left’ approach enabled by containerization is fundamentally changing how developers and security teams are interacting in the enterprise, forcing alignment and collaboration like never before,” said Mark Bouchard, Vice President of Research and COO, CyberEdge Group. “For organizations to realize more of the technical advantages of microservices, containers and Kubernetes, they will need container security technologies that integrate increasingly early into the software development life cycle.”

The report demonstrates that containers provide an impetus and an opportunity to build a stronger bridge between DevOps and security. Results reveal that deeper container security planning, further integration among DevOps and security teams, and the more widespread adoption of key security technologies are necessary to increase the holistic security of containers and Kubernetes deployments. The complete report provides a number of conclusions that outline key implications for organizations in need of a stronger container security strategy and the specific security elements they need to meet enterprise objectives.

“The influence of DevOps and the fast uptake in containerization and Kubernetes have made application development more seamless, efficient and powerful than ever. Yet, our survey results show that security remains a significant challenge in enterprises’ container strategies,” said Kamal Shah, StackRox CEO. “Containers provide a natural bridge for collaboration between DevOps and security teams but they also introduce unique risks that, if left unchecked, can create real risks for the enterprise.”

To download a full copy of the StackRox report, The State of Container Security, click here.

StackRox conducted this online survey among U.S. companies, with more than 230 respondents answering 25 technology and security questions and three demographic questions.

About StackRox
StackRox helps enterprises secure their container and Kubernetes deployments at scale. The StackRox Container Security Platform enables security and DevOps teams to enforce their compliance and security policies across the entire container life cycle – build, deploy, and run. StackRox integrates with your CI/CD pipeline and security tools, making it seamless to operationalize within your existing environment. StackRox customers span cloud-native startups, Global 2000 enterprises in financial services, technology, and E-Commerce industries, as well as government agencies. StackRox is privately held and headquartered in Mountain View, California. To learn more, visit and follow us on Facebook, LinkedIn and Twitter.


Dex Polizzi
Lumina Communications

Release Summary

StackRox "State of Container Security" report finds Misconfigurations and Runtime Security are Top Concerns in Containers and Kubernetes Deployments.


Dex Polizzi
Lumina Communications