Container Security Is Falling Behind Container Deployments

  /     /     /  
Publicated : 23/11/2024   Category : security


Container Security Is Falling Behind Container Deployments


Organizations are increasingly turning to containers even though they are not as confident in the security of those containers, according to a new survey.



Containers — virtualized applications that are key to DevOps — are maturing as critical parts of enterprise application infrastructures. And even though security strategies are maturing, organizations are still struggling to have security keep up with the other facets of container deployment.
A new report, sponsored by StackRox and based on research by AimPoint Group, shows that more than a third of companies havent begun to implement a container security policy yet. While 15% say their company is in the planning stage with its container security strategy, 19% say that they havent even gotten that far.
Part of the problem, says StackRox CEO Kamal Shah, is the complexity of the environment into which containers are being deployed. While many people look at containers as a technology for the cloud, Shah says, We found that 70% are running containers on-prem and 53% are running in hybrid mode, which means running it on-premises as well as on one of the public cloud platforms.
Companies are turning to containers because the speed of deployment in containers is critical for organizations that are implementing agile or DevOps disciplines. And studies by other researchers show that some container practices, such as downloading and reusing popular pre-existing application images, dont insulate a company from security issues.
Jerry Gamblin, principal security engineer at Kenna Security,
scanned the 1,000 most popular application
images and found that over 60% of the top Docker files held a vulnerability with at least a moderate risk score, and over 20% of the files contained at least one vulnerability that would be considered high risk. [Note: A
container
is a virtualized application running on a system. An
image
is the file containing that application and its configuration files before it is launched.]
When looking at the source of vulnerabilities, the
StackRox report
says that poor deployment is the principal problem. According to the report, 60% of executives say that misconfigurations create the greatest security risks.
The challenge in this new world is that there are a lot of options, a lot of controls that you have to configure, and there are a lot of configuration options, Shah says. On top of that, what makes matters worse is that a lot of the controls that exist are not enabled by default.
Those controls are important because 43% of respondents say that runtime is the phase of the container life cycle that worries them the most. Though the report indicates that fixing issues is most cost-effective in building or deployment phases, the lack of a container security strategy hinders many companies in making those fixes.
Procedures and tools are available for better container security, if companies will employ them. Researchers at Alcide conducted surveys of best container practices and found that a
handful of processes
can make a huge difference in container security. Those best practices include familiar items like regular software updates and secure access, as well as container-specific practices, including namespace isolation (keeping containers completely separate from one another) and automated tools for scanning and setting container configurations.
Related Content:
Answer These 9 Questions to Determine if Your Data Is Safe
Malware in PyPI Code Shows Supply Chain Risks
The Truth About Vulnerabilities in Open Source Code
The Truth About Your Software Supply Chain
Serverless Computing from the Inside Out
 
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the 
conference
 and 
to register.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Container Security Is Falling Behind Container Deployments