Snyk Blog

2022 Container Security Trends Report: Exploring ownership, education, expertise, and more

Written by:
Megan Moore
Megan Moore
wordpress-sync/feature-container-security-report

April 27, 2022

0 mins read

With dependence on containers growing more every year, developers need the best container security solutions they can find, and those solutions have to integrate seamlessly into existing development workflows. Snyk’s partnership with Sysdig has helped us strengthen our commitment to building tools for container security, and growing those tools to meet the evolving needs of developers. And as a developer-first organization, we truly value feedback that comes right from developers themselves.

So we recently partnered with Techstrong Research to gather data on developers’ priorities for securing cloud environments. Techstrong distributed flash polls to their member community, which includes people interested in DevOps, cloud-native, development, security, and digital transformation. Over 1700 community members responded to the polls, revealing valuable insight on how security considerations impact deployments; the complexities of securing cloud-native and container environments; and how security work is distributed across organizations. All of this data is presented and analyzed in the 2022 Container Security Trends Report.

First, the poll addresses the question of whether developers feel that security slows the cloud deployment process. We know that traditionally, security has been viewed as an extra step, one that might slow the overall workflow. However, the poll numbers show that security is slowly catching up with application teams and DevOps teams regarding becoming equal stakeholders during deployment. (Interestingly, nearly 20% of respondents said security is helping them move faster, which is a sentiment we think many teams see as part of their "ideal version" of DevSecOps.)

Next, the poll points to the question of who understands security practices, and how developers can be educated about security. Scanning for vulnerabilities isn’t a new practice, but some organizations still have a limited understanding of how vulnerabilities can have an impact on container deployments. For example, many container and Kubernetes platforms have security controls built in by default, but depending on your business model, you may need tighter, more granular security settings in place. Kubernetes comes with a learning curve, and the nuances of applying security policies to namespaces and clusters are complex. All of this might not be intuitive for application teams.

wordpress-sync/blog-container-security-report-teams

On that note, respondents were asked if they believe that application teams have enough experience to identify cloud security vulnerabilities. The majority said no. This points back to all of the expectations put on developers: they have to create great user experiences, address bugs, make applications usable, and now also manage security and testing. When you hear the phrase “full-stack developer,” you might initially think of a developer who can create both the front and back end of an application. But with cloud-native apps, “full stack” can include the full technical stack, all the way down to containers and IaC. A great way to give security context to application teams is to give them the tools that help them understand vulnerabilities and how to mitigate them.

"If you link [Snyk and Sysdig] together, and integrate them, there’s all this great information about what’s running in the cluster. The important details from a container perspective get fed back so the developer doesn’t have to wade through all of that themselves – they see the details they need back in their tools."

Jim Armstrong

Product Marketing, Snyk

While not all developers can be security experts, some organizations have identified developers who can act as security champions, bringing stakeholders together to discuss security concerns across a project. This makes security a shared responsibility. Poll responses showed a trend in this direction: the largest percentage of respondents said that security is a collaborative effort in their organizations.

Continuing with that trend, approximately half of poll respondents reported that the work of creating cloud infrastructure configurations, and also of designing and configuring containers, was a collaborative effort across cloud, operations, development, and security teams. As the work of securing cloud environments and containers becomes a shared effort in more organizations, tools that enable teams to incorporate security into their processes — like Snyk Container — are becoming even more valuable.

"It does get a little more tricky [when you’re working with containers]. There are security teams who say 'We'd better get educated quickly on what containers bring. How is it different, and if it is different, are there things we need to shift and change in how we handle it and what tools we’re using?'"

Eric Carter

Director of Product Marketing, Sysdig

A platform that enables people on various teams to identify and fix container security issues can add considerable power and flexibility to your workflow.

Read the report... and check out the webinar

Hear a full discussion about the top findings from the report in a webinar with panelists from Snyk and Sysdig, hosted by Techstrong.

Download the report here.

Posted in:Container Security, DevSecOps
wordpress-sync/feature-container-security-report

8 Expert Tips to Secure Your Pipelines

Find security issues in the pipeline before you push to production with these 8 actionable scanning and integration tips.

See the cheatsheet

Start securing AI-generated code

Create your free Snyk account to start securing AI-generated code in minutes. Or book an expert demo to see how Snyk can fit your developer security use cases.

No credit card required.

Start free with GithubStart free with Google

Or Sign up with

SSOBitbucketAzure ADDocker ID

By logging in or signing up, you agree to abide by our policies, including our Terms of Service and Privacy Policy

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon