Sysdig Usage Report Finds Shifting Container Security Left is Not Enough

13.1.2021 15:00:00 EET | Business Wire | Press release

Sysdig, Inc., the secure DevOps leader, today announced findings from its Sysdig 2021 Container Security and Usage Report. While usage reveals organizations are shifting left by scanning images during the build phase, DevOps teams are still leaving their environments open to attack. The report also looks at trends, finding a 310 percent growth in container density since 2017.

The fourth annual report reveals how global Sysdig customers of all sizes and across industries are using and securing container environments. This real-world, real-time data provides insight into usage of the nearly one billion containers Sysdig customers run yearly, including security risks, container utilization, and services used. Read the Sysdig 2021 Container Security and Usage blog.

Among its findings, the report states that while 74 percent of customers are scanning before deployment, still more than half (58 percent) of containers are running as root. There are some containers that should run as root—security and system daemons for example—but this is a small portion of total containers. These risky configurations leave easy access to potentially compromise the system and access sensitive data. This finding stresses the need for security throughout the lifecycle of a container image—fixing vulnerabilities is not enough.

Highlights From the Report

Container density grows 170% since 2018

Over the past three years, the median number of containers-per-host more than doubled from 15 in 2018 to 41 today, indicating a growth in efficiency and a shift in cost savings as containers mature. This reveals a continued focus on optimization.

Prometheus continues to grow, 35% YoY

Open source adoption is broader than just Kubernetes as organizations are shifting toward Prometheus as the standard approach to monitoring container environments. The use of Prometheus metrics among Sysdig customers grew 35 percent year-over-year.

Docker down, containerd and CRI-O up 4X

In 2017, Docker represented 99 percent of containers in use at that time. Today, that number has fallen to 50 percent, down from 79 percent in October 2019. While Docker revolutionized containers, organizations are rapidly switching to newer runtimes like containerd and CRI-O.

21% of containers live less than 10 seconds

The ephemeral nature of containers is a unique efficiency advantage, yet it can be a challenge in managing issues around security, health, and performance. The short life of containers reaffirms the need for container-specific tools for security and monitoring. For example, organizations need metric collection with intervals of less than 10 seconds and a detailed record of what occurred when the container was alive.

“With the high-profile breaches we are seeing and the accelerated adoption of containers in production, the container security risk is now on the radar of CISOs. Across millions of containers that we have studied, it’s clear that organizations are shifting security left, but they are neglecting critical best practices,” said Suresh Vasudevan, chief executive officer of Sysdig. “Container security has to span the entire software development lifecycle. Until organizations fix risky configurations, protect their runtime environments, and invest in container forensics, we will see an increase in container security breaches. I expect we will see several high-impact breaches before we release our next report.”

Other Interesting Findings

Falco, the open source runtime project for cloud-native environments created by Sysdig and donated to the CNCF, has seen a 300 percent increase in Docker Hub downloads over the last year.
The use of golang increased to 66 percent, a 470 percent jump since last year.
63 percent of container images are replaced within two weeks or less, signifying a more frequent code deployment rate.

Learn More About this Report

Download the full Sysdig 2021 Container Security and Usage Report.
Download the infographic.
Read the usage report blog.
Join the webinar Real-World Insights: Dig into Sysdig’s Container Security and Usage Report on Jan. 21 at 10am PST to walk through the report with the author.

About Sysdig

Sysdig is driving the secure DevOps movement, empowering organizations to confidently secure containers, Kubernetes, and cloud services. With the Sysdig Secure DevOps Platform, cloud teams secure the build pipeline, detect and respond to runtime threats, continuously validate compliance, and monitor and troubleshoot cloud infrastructure and services. Sysdig is a SaaS platform, built on an open source stack that includes Falco and sysdig OSS, the open standards for runtime threat detection and response. Hundreds of companies rely on Sysdig for container and Kubernetes security and visibility. Learn more at www.sysdig.com.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

View source version on businesswire.com: https://www.businesswire.com/news/home/20210113005319/en/

Contact information

Amanda McKinney Smith
(703) 473-4051
amanda.smith@sysdig.com

About Business Wire

Business Wire

http://www.businesswire.com

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Binarly to Unveil “Broken Trust” Research: Firmware Bypass Chains, BMC Persistence, and EDR Evasion16.1.2026 00:04:00 EET | Press release

Binarly, the industry leader in software and firmware supply-chain security, today announced an upcoming DistrictCon presentation “Broken Trust: Firmware Bypass Chains, BMC Persistence, and EDR Evasion.” The session will detail how firmware-level attack chains observed in shipped enterprise devices can effectively undermine modern endpoint defenses, enabling stealthy compromise and long-lived persistence. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260115834965/en/ Binarly Unveils Broken Trust Research: Firmware Bypass, BMC Persistence In this presentation, the Binarly REsearch team will dismantle the assumption of hardware trust by presenting multiple real-world firmware bypass chains. Alex Matrosov and Fabio Pagani will provide a deep dive into the specific vulnerability classes and exploitation primitives that make these attacks reliable in practice. The team will also deliver a live demonstration compromising a fully

World Economic Forum and Salesforce Empower Global Leaders With First-of-its-Kind Agentic Assistant for the 2026 Annual Meeting in Davos15.1.2026 20:06:00 EET | Press release

Salesforce (NYSE: CRM), the world’s #1 CRM, today announced the activation of the World Economic Forum’s institutional knowledge powered by Agentforce 360 to support over 3,000 of the world’s most influential leaders at the 2026 World Economic Forum Annual Meeting. The Forum has launched a new proactive, high-precision concierge app, “EVA,” built on the Agentforce 360 Platform, Salesforce’s agentic platform. EVA will empower attendees to move beyond traditional information access, with an AI agent that doesn’t just answer questions, but can reason, prioritize, and act on a leader’s behalf for the 2026 Annual Meeting. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260115571119/en/ Scheduled for January 19–23 in Davos, Switzerland, this year’s event is set to be the largest meeting in the organization's history. With over 450 high-impact sessions and thousands of specialized interactions, the gap between available insight and

Coolbrook Named on the 2026 Global Cleantech 10015.1.2026 19:14:00 EET | Press release

Coolbrook, a transformational technology and engineering company on a mission to decarbonise major industrial sectors like petrochemicals and chemicals, iron and steel, aluminium, and cement, has been named on Cleantech Group’s 2026 Global Cleantech 100. This annual list recognizes companies poised to deliver market-ready solutions that advance a cleaner, more resilient global future. The report highlights innovators addressing some of the world’s most urgent environmental and infrastructure challenges. The complimentary report introduces you to innovators advancing groundbreaking technologies and business models to enable us to act on the ever-increasing climate and environmental crisis. Following a 2025 marked by geopolitical volatility and shifting economic signals, the global cleantech ecosystem enters 2026 with slightly greater certainty - yet heightened competitive pressure. Growth is concentrating around two dominant themes: AI infrastructure and critical minerals. “The 2026 Glo

Frasca to Supply Four New Flight Training Devices to Global Medical Response15.1.2026 17:05:00 EET | Press release

Frasca International, Inc., a FlightSafety International company, today announced it has signed a contract with Global Medical Response (GMR) to supply four new Level 7 Flight Training Devices (FTDs). The new devices include an Airbus EC135, a Pilatus PC-12, a Beechcraft C90, and a Beechcraft B200. Each FTD will feature Frasca's unique motion system to provide enhanced realism in training. The devices will be installed at GMR’s new training facility currently under construction in Denton, Texas. Frasca has supported GMR’s pilot training efforts for nearly two decades, beginning with the delivery of their first device in 2005 for Air Evac Lifeteam, a GMR company. Since then, Frasca simulators have played a central role in preparing GMR’s flight crews for the complex and high-stakes environments they encounter in emergency medical operations. With the delivery of these new devices, GMR will operate a total of 15 Frasca simulators, including seven Level 7 FTDs and eight Helicopter Trainin

Andersen Consulting Expands Human Capital Offering With Addition of Jakarta Consulting Group15.1.2026 16:30:00 EET | Press release

Andersen Consulting deepens its capabilities through a Collaboration Agreement with Jakarta Consulting Group (JCG), an advisory firm known for its expertise in organizational transformation, human capital strategy, and leadership development. Headquartered in Indonesia, JCG has advised companies in industries such as real estate, mining, and manufacturing through strategic and cultural transformation. With core offerings that include business and management consulting, HR consulting, assessment, and business and management training, the firm is known for its ability to transform businesses and leaders with agility, cultural intelligence, and execution-driven solutions. “We’ve always believed that sustainable transformation begins with people — when leaders evolve, organizations follow,” said Patricia Susanto, CEO of Jakarta Consulting Group. “By combining Andersen Consulting’s global perspective with our regional insight, we can offer clients more holistic solutions to navigate change

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom