Container adoption approaching maturity at expense of security best practices
Organisations need to step up efforts to secure their containers, according to Sysdig. More than 75% of running containers have vulnerabilities, partly as a result of ignoring security and operational best practices.
Sysdig's 2022 Cloud-Native Security and Usage Report shows that containers are being created faster than ever, while security and operational controls lag behind. Such neglect can lead to security breaches and to money wasted on capacity planning.
Some 75% of running containers carry high or critical vulnerabilities, suggesting that organisations are accepting a level of risk that could be dangerous. Further, 85% of images in production include at least one vulnerability that needs to be patched.
Container density grew again in 2021, a nearly 15% increase year-over-year and a 360% increase over four years. Sysdig recommends that organisations set resource limits as a best practice, even as DevOps teams tend to keep expanding their cloud environments.
Further, 73% of cloud accounts have exposed S3 buckets, and 36% are open to public access. The risk varies depending on what the buckets contain; however, Sysdig warns that it is rarely necessary to leave them open.
The report suggests that container adoption is reaching maturity, but that it may be moving too fast for less experienced teams, resulting in increased risk and cost.
Container environments such as Kubernetes can make capacity management and planning difficult: 60% of containers have no CPU limits defined, and 51% have no memory limits defined.
“Without knowing the utilisation of clusters, organisations could be wasting money due to overallocation or causing performance issues by running out of resources. Given the average cost of Amazon Web Services CPU pricing, an organisation with 20 Kubernetes clusters could be overspending up to $400,000 yearly,” Sysdig states.
Less experienced teams may overlook issues such as unnecessary root access, which affects 27% of organisations according to the report, and 48% of users fail to enable multi-factor authentication (MFA) on highly privileged accounts. This, Sysdig says, makes it easier for attackers to gain access to an organisation's systems.
The majority (76%) of containers run as root, suggesting that organisations are slow to adopt best practices, possibly due to immature DevSecOps processes.
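Two of the findings above, containers with no CPU or memory limits and containers running as root, are visible in a Pod manifest before it ever reaches a cluster. The following is an added example written for this article, not code from Sysdig or from the report: a small audit that walks a Pod spec and reports each container that lacks a CPU limit, lacks a memory limit, or has no securityContext asserting a non-root identity. The two manifests (`INSECURE_POD`, `HARDENED_POD`) are constructed for the example; the image names and uid are illustrative assumptions.

```python
"""Audit Kubernetes Pod manifests for the misconfigurations the report counts:
no CPU limit, no memory limit, and running as root.

Added example for this article; not code from Sysdig or the report.
"""
from typing import Dict, List

# Constructed sample: a Pod with a CPU request only and no securityContext.
# Kubernetes runs such a container as whatever user the image sets, which for
# most base images is uid 0, so an audit has to treat "unset" as root.
INSECURE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "web-insecure"},
    "spec": {
        "containers": [
            {
                "name": "web",
                "image": "nginx:1.25",  # illustrative image
                "resources": {"requests": {"cpu": "100m"}},
            }
        ]
    },
}

# Constructed sample: the same workload with limits and a non-root identity.
HARDENED_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "web-hardened"},
    "spec": {
        # Pod-level context applies to every container unless overridden.
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},  # uid is an assumption
        "containers": [
            {
                "name": "web",
                "image": "nginxinc/nginx-unprivileged:1.25",  # illustrative image
                "resources": {
                    "requests": {"cpu": "100m", "memory": "64Mi"},
                    "limits": {"cpu": "500m", "memory": "128Mi"},
                },
                "securityContext": {"allowPrivilegeEscalation": False},
            }
        ],
    },
}


def runs_as_root(pod_spec: Dict, container: Dict) -> bool:
    """Return True unless the effective securityContext asserts a non-root user.

    Container-level fields override pod-level fields one by one. An explicit
    runAsUser decides outright (0 is root); otherwise runAsNonRoot must be set,
    since the kubelet then refuses to start an image whose user is uid 0.
    """
    effective: Dict = {}
    effective.update(pod_spec.get("securityContext", {}))
    effective.update(container.get("securityContext", {}))
    uid = effective.get("runAsUser")
    if uid is not None:
        return uid == 0
    return not effective.get("runAsNonRoot", False)


def audit_pod(pod: Dict) -> List[str]:
    """Return one finding string per problem, empty when the Pod is clean."""
    findings: List[str] = []
    spec = pod["spec"]
    pod_name = pod["metadata"]["name"]
    # initContainers run with the same defaults, so they are checked too.
    for container in spec.get("containers", []) + spec.get("initContainers", []):
        ref = f"{pod_name}/{container['name']}"
        limits = container.get("resources", {}).get("limits", {})
        if "cpu" not in limits:
            findings.append(f"{ref}: no CPU limit")
        if "memory" not in limits:
            findings.append(f"{ref}: no memory limit")
        if runs_as_root(spec, container):
            findings.append(f"{ref}: runs as root")
    return findings


if __name__ == "__main__":
    for pod in (INSECURE_POD, HARDENED_POD):
        problems = audit_pod(pod) or ["clean"]
        print(pod["metadata"]["name"], "->", "; ".join(problems))
```

The same check can be run over real manifests by loading them with a YAML parser and passing each document to `audit_pod`. Note that a limit without a matching request, or a `runAsNonRoot` flag on an image whose `USER` is not numeric, will still be rejected by the kubelet at admission or start time, so an audit like this is a pre-deployment filter, not a substitute for runtime detection, which the report also calls for.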
The report concludes, “Cloud technologies continue to expand their role in transforming how organisations deliver applications. With security becoming a growing concern among DevOps teams, it is good to see that teams are implementing security during the build process. However, more work is needed to secure both containers and cloud services to prevent possible vulnerabilities from entering production. Runtime threat detection will continue to be critical to securing the cloud, as even the most robust programs will not address all software vulnerabilities and misconfigurations.”