Containers are a very popular way to deploy microservices, and because of how easy they are to spin up, any particular service might be up and running for just a couple of days -- or even just a few minutes, said Gavin Millard, technical director at Tenable Network Security.
"It allows organizations to be hyper-scalable when required," he said.
The ease and speed of deploying the containers mean that security is often forgotten.
"Quite often, the CISOs don't even know that Docker is running within their infrastructure," he said. "With a lack of visibility, you get a lack of understanding of what vulnerabilities and misconfigurations that exist in those systems."
For example, he recently scanned popular Linux-based containers, and found 80 vulnerabilities right out of the box. Those need to be patched before the container is actually put into production.
When they're not, a company's attack surface could expand dramatically overnight.
"We acquired a container security company, giving us the ability to look into those container images," Millard said.
FlawCheck, which Tenable bought last fall, scans container images for vulnerabilities, malware and other risks, and also provides continuous monitoring to ensure that containers stay up to date after they've been deployed.
"Even if you download a vulnerable image, you can take the appropriate remediation step and get rid of those vulnerabilities before it's pushed out into the production environment," he said.
This process has to be automated. Traditional physical servers would typically last three to five years, and companies could manage them manually.
"Fifteen years ago, I knew exactly how many servers I had," Millard said. "I even named them after famous race horses."
The average lifespan of virtual servers is two to three weeks, he added.
Containers, however, have an average lifespan of just 9.25 hours, according to software performance analytics company New Relic. And the biggest growth last year was in containers that have a lifespan of less than a minute.
Last summer, Docker CEO Ben Golub reported that more than 4 billion containers had been deployed, with more than 460,000 Dockerized applications, a growth of 3,100 percent over the past two years.
And companies that were already running containers saw their usage increase 192 percent between 2015 and 2016, according to New Relic. Even more dramatically, the maximum number of containers within a single company rose from 1,596 in 2015 to 135,630 in 2016. The average number of active containers at a single company is now 28,000.
According to a report released earlier this month by RightScale, 40 percent of enterprises are already using Docker containers, and another 30 percent are planning to do so.