Key Insights from 2019 Sysdig Container Usage Report

If your team is in the software space, you have probably been hearing "Kubernetes" more and more these days. In all fairness, it's not just a buzzword but something that provides real value for your business needs. While Kubernetes enables teams to run software at scale, it's really containers that are considered the currency of the cloud-native era. This year, Sysdig published its Container Usage Report, which highlights key findings ranging from container usage patterns to security. This article touches on some of those key findings.

More than half of all containers live for 5 minutes or less: While in 2018 only one-fifth of containers lived for 5 minutes or less, in 2019 that number jumped to a staggering 54%. According to the head of security and compliance at a SaaS software company:

Short-lived containers are a big security challenge. Processes start and stop so quickly that it's easy to miss suspicious activity.

100% increase in container density year over year: Container density has doubled over the last year as containerization matures and growing sophistication helps companies pack more and more in their running containers. Suresh Vasudevan, Sysdig's CEO, mentions in the report:

With container density doubling since our last report, it’s evident that the rate of adoption is accelerating as usage matures.

Red Hat OpenShift leading the on-prem race: OpenShift, Red Hat's commercially supported on-prem Platform-as-a-Service offering, comes out on top of the on-prem Kubernetes race with 43%. With vanilla Kubernetes usage at 34% and Rancher at 7%, Kubernetes-based platforms combined cover 84% of on-prem choices. If you're still deciding whether to board the Kubernetes train, these numbers should provide a pretty strong indication.

Docker leading container runtimes; CRI-O expected to grow in future: Docker, the most widely known runtime engine for containers, is favoured 4 out of 5 times as the container runtime engine. At the same time, CRI-O, a lightweight runtime for Kubernetes, has made its debut. CRI-O's use is expected to climb over the coming years as customers running Red Hat OpenShift migrate from v3 to v4, where CRI-O replaces the previously provided Docker engine.

More than half of container images got an 'F' in vulnerability tests: Vulnerabilities of high or greater severity were found in 52% of the container images scanned; no wonder open-source projects like Harbor are gaining popularity. The report also found a median of 21 containers running as root on the hosts surveyed. That is not a good idea for containers running in production, as a root-level container could potentially be used in a privilege escalation attack. A spokesperson from a global travel company noted in the report:

We need to check configurations and validate that our images are free of vulnerabilities before pushing to production.
