Dissertation: Managing the security of containerized applications requires more than technical solutions
Software containers are widely used for developing and deploying modern software systems. They support fast development and scalable deployment. However, their increasing adoption has introduced complex security challenges. These challenges affect multiple phases of the software lifecycle, including development, deployment, and runtime environments.
A doctoral dissertation conducted at the Faculty of Information Technology examines how security in containerized applications is managed in practice. The study focuses on practitioners’ experiences and highlights the socio-technical nature of container security. The findings show that security cannot be achieved through technical tools alone, but depends on human expertise, organizational practices, and coordination across teams.
Security challenges are continuous and interconnected
The dissertation demonstrates that container security is not a single activity. It is a continuous process that spans the entire lifecycle of containerized systems. Security issues are interconnected: vulnerabilities in one phase can affect other phases.
Practitioners identified common threats such as misconfigurations, insecure container images, and vulnerabilities in networks and runtime environments. Misconfiguration was reported as one of the most critical threats in practice.
The dissertation reveals that practitioners are uncertain about the effectiveness of current security practices. Despite the use of automated tools and security scanners, practitioners struggle with proper implementation and with human understanding of the tools needed to achieve security for container systems.
Human and organizational factors play a central role
A key contribution of the dissertation is the identification of socio-technical factors that influence container security. The results show that technical factors such as threat identification, container testing, security practices, logging and monitoring, and artificial intelligence strongly affect security in containerized projects. In addition, non-technical factors, such as knowledge sharing and human communication and collaboration, play a critical role in security outcomes.
The thesis presents a range of practical experiences of security management in containerized projects. In addition, it provides a conceptual model, based on these experiences, that helps practitioners understand and manage security in container systems.
Implications for research and practice
The dissertation contributes to software engineering research by providing an empirically grounded understanding of container security. It integrates insights on security threats, practices, and enabling factors from a practitioner perspective.
The results suggest that improving container security requires:
- stronger alignment between technical tools and human practices
- development of standardized guidelines
- better coordination across teams and roles
These findings support organizations in evaluating and improving their current security practices.
M.Sc. Maha Sroor defends their doctoral dissertation in information systems science, “Managing the Security of Containerized Applications: Threats, Practices, and Enabling Factors”.
The opponent is Associate Professor Nicole Novielli (University of Bari, Italy) and the custos is Professor Tommi Mikkonen.
The language of the dissertation is English. The dissertation can be followed in C4 hall or online.