Sysdig Report Surfaces Shifts in Container Adoption

An annual “Container Usage and Security Report” published today by Sysdig finds there has been a significant shift in terms of the types of container engines organizations are employing.

Based on an analysis of 2 million containers that Sysdig continuously analyzes on behalf of customers, the survey results show reliance on Docker has dropped to 50% from 79% a year ago. In its place, IT organizations are making greater use of the containerd (18%) and the Container Runtime Interface (CRI) for container images that comply with the Open Container Initiative (OCI).

The technical oversight committee for Kubernetes for the past year has been telegraphing its intention to deprecate support for Docker engine as part of an effort to encourage IT teams to shift to a runtime that is optimized specifically for the platform (CRI-O).

At the same time, containerd is gaining traction as a lighter-weight alternative to Docker that is being advanced under the auspices of the Cloud Native Computing Foundation (CNCF), which also oversees the development of Kubernetes.

The Sysdig report also notes that reliance on the open source Prometheus monitoring platform, which also is being advanced under the auspices of the CNCF, grew 35% year over year.

The Quay container registry developed by Red Hat has seen a 60% increase in adoption, while the Golang programming language jumped 66% in terms of usage for building applications, according to the report.

From a cybersecurity perspective, however, issues remain. More than half (58%) of containers configured are running as root, which makes them prone to being compromised by cybercriminals that have found a way to gain access to credentials used to deploy them.

However, just under half of containers (49%) are running for less than five minutes, so it would appear many IT teams are counting on the fact that cybercriminals might not have enough time to discover their containers before they are replaced.

Meanwhile, the density of container environments has increased by a third (33%). Janet Masuda, chief marketing officer for Sysdig, notes that means there are a lot more potential insecure containers running as root that need to be protected at the runtime level. That decision to run containers as root also creates a major compliance issue that many organizations will be forced to address in 2021, she notes.

On the plus side from a cybersecurity perspective, adoption of Falco, an open source tool for detecting container vulnerabilities at runtime originally developed by Sysdig and now being advanced under the auspices of the CNCF, has seen an increase in adoption by a factor of three.

The Sysdig report also notes nearly three-quarters of organizations (74%) are scanning container images during a build stage on their continuous integration/continuous delivery (CI/CD) platform.

In theory, at least, the shift toward building and deploying microservices-based applications based on containers will drive more organizations to embrace best DevSecOps practices in the year ahead. In the meantime, IT organizations should also assume cybercriminals will become a lot more adept at exploiting container security issues that, in the months ahead, will surely be discovered and disclosed.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

Mike Vizard has 1641 posts and counting. See all posts by Mike Vizard