Survey: DevSecOps Own Enterprise Containerized Application Security

There’s a lot going on in the container world. Just last month we learned that Docker added Kubernetes support to its platform, a move that clearly indicates Kubernetes’ dominance in container orchestration. Prior to that, Kubernetes added RBAC authorization and support for outbound network policies and auditing in its latest 1.8 release, while Red Hat OpenShift announced hybrid cloud support, with consistency across hybrid and multi-cloud footprints. These major announcements are fueling the rapid growth of container adoption and are responsible for its rising momentum.

DevOps + Developers ♥ Containers

Developers love containers for their simplicity, their efficiency and the availability of developer-focused tooling that supports them. DevOps love containers for their agility and speed. As containers become the application development tool of choice, questions arise about ownership and the division of responsibilities around this process. Since container adoption starts with development, developers and DevOps teams are the ones leading the growing adoption of container technology in the enterprise today, but will this always be the case?

Download the Container Security in the Enterprise Report!

So Who Is in Charge of Container Security Today?

At Aqua, we are constantly in touch with enterprises adopting containers, and the question of security governance has been an elusive one. As part of our Container Security in the Enterprise survey, we wanted to answer this question.

What immediately stands out from the figures is that DevOps play an important role in both current and future ownership of container security. The reason probably lies in the fact that DevOps are the ones that use containers extensively and have a good understanding of how to implement security checks and controls.

What we found is that DevSecOps is the rising star of secured containerized applications. While only 13% of respondents report that DevSecOps is responsible for container security in the enterprise today, that share doubles to 28% when respondents are asked who should own container security moving forward.

While DevSecOps represented 13% for current ownership, the future looks better with support from other roles: Architects are evenly split at 40% between DevOps and Security for current ownership, but they favor Security at 36% and DevSecOps at 29% going forward. Developers, however, favor DevOps at 30% for future ownership, and DevOps favors DevSecOps at 37% going forward. This implies that while DevSecOps continues to play a significant role in enterprises using containers, future ownership of container security is still unclear but is migrating towards DevSecOps as the team most suitable to own it.

The benefits of implementing DevSecOps practices in organizations are straightforward and come down to being a key business enabler: working closely with the development and operations teams, and making sure that security is baked into the development pipeline.

Check out our previous blog to learn what industry leaders consider top focus when exploring container security.

Rani Osnat

Rani is the SVP of Strategy at Aqua. Rani has worked in enterprise software companies for more than 25 years, spanning project management, product management and marketing, including a decade as VP of marketing for innovative startups in the cyber-security and cloud arenas. Previously Rani was also a management consultant in the London office of Booz & Co. He holds an MBA from INSEAD in Fontainebleau, France. Rani is an avid wine geek, and a slightly less avid painter and electronic music composer.