11 Feb 2022
Report: Seventy-five percent of containers have security issues
Containers are increasingly used in cloud-based applications. However, failing to follow security and operational best practices increases risk and can waste hundreds of thousands of dollars a year. This is one of the worrying conclusions of a new report by security firm Sysdig.
In its fifth annual report, the company explores how its customers of all sizes and across industries use and secure cloud and container environments. Data from billions of containers run yearly provides insight into the usage trends, security, compliance, runtime, and cloud practices.
The report paints a rather gloomy picture. IT departments are cutting corners to accelerate deployments. According to the company, ‘Organizations take educated risks for the sake of moving quickly; however, 85% of images that run in production contain at least one patchable vulnerability. Furthermore, 75% of images contain patchable vulnerabilities of “high” or “critical” severity. This implies a fairly significant level of risk acceptance, which is not unusual for high agility operating models, but can be very dangerous’.
Overallocation results in additional expenses
The security firm found other issues as well. 73% of cloud accounts include exposed S3 buckets, and 36% of all existing S3 buckets are open to public access. Depending on the sensitivity of the data stored in an open bucket, the risk associated with it varies. Leaving buckets open is rarely necessary, and cloud teams should avoid this shortcut, the company says.
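A bucket is publicly reachable through three independent settings, and an audit has to look at all of them: the bucket ACL, the bucket policy, and the Public Access Block that can neutralise both. The following is an added example (not Sysdig's code or part of the report) that evaluates constructed bucket records shaped like the responses of boto3's get_bucket_acl, get_bucket_policy and get_public_access_block; the bucket names and grants are made up for illustration.

```python
"""Flag S3 buckets reachable by anonymous or any-AWS-account principals.

Added example, not from the Sysdig report. Checks the three things that make
a bucket public: ACL grants to the AllUsers/AuthenticatedUsers groups, Allow
statements in the bucket policy with a wildcard principal, and a missing or
incomplete Public Access Block (which, when all four flags are on, overrides
the other two). Bucket records are constructed in boto3's response shape.
"""
import json

PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def principal_is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": [..., "*"]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def public_acl_grants(acl):
    """Permissions granted to one of the two public groups."""
    return [g["Permission"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES]


def public_policy_statements(policy_json):
    """Sids of Allow statements with a wildcard principal. Statements that
    carry a Condition are still reported: a condition may narrow the grant,
    but that needs a human to confirm, so the scan stays conservative."""
    if not policy_json:
        return []
    stmts = json.loads(policy_json).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s.get("Sid", "<no Sid>") for s in stmts
            if s.get("Effect") == "Allow"
            and principal_is_wildcard(s.get("Principal"))]


def block_is_complete(pab):
    """All four flags must be True before S3 ignores public ACLs and
    refuses public policies; a partial block is not enough."""
    return pab is not None and all(pab.get(f) is True for f in PAB_FLAGS)


def assess_bucket(bucket):
    """Return a list of findings; empty means the bucket is not public."""
    findings = []
    if block_is_complete(bucket.get("public_access_block")):
        return findings
    for perm in public_acl_grants(bucket.get("acl", {})):
        findings.append(f"ACL grants {perm} to a public group")
    for sid in public_policy_statements(bucket.get("policy")):
        findings.append(f"bucket policy statement '{sid}' allows a wildcard principal")
    return findings


def scan(buckets):
    """Map bucket name -> findings, keeping only buckets with findings."""
    result = {}
    for name, bucket in buckets.items():
        findings = assess_bucket(bucket)
        if findings:
            result[name] = findings
    return result


ALL_USERS_READ = {"Grantee": {"Type": "Group", "URI": PUBLIC_GRANTEES.copy().pop()
                              if False else "http://acs.amazonaws.com/groups/global/AllUsers"},
                  "Permission": "READ"}

SAMPLE_BUCKETS = {  # constructed sample data, not real accounts
    "marketing-assets": {          # public via a legacy ACL, block switched off
        "acl": {"Grants": [ALL_USERS_READ]},
        "policy": None,
        "public_access_block": {f: False for f in PAB_FLAGS},
    },
    "backups": {                   # public via bucket policy, block never set
        "acl": {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner"},
                            "Permission": "FULL_CONTROL"}]},
        "policy": json.dumps({"Version": "2012-10-17", "Statement": [
            {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::backups/*"}]}),
        "public_access_block": None,
    },
    "locked-down": {               # same bad ACL, but the full block neutralises it
        "acl": {"Grants": [ALL_USERS_READ]},
        "policy": None,
        "public_access_block": {f: True for f in PAB_FLAGS},
    },
}

if __name__ == "__main__":
    for name, findings in scan(SAMPLE_BUCKETS).items():
        print(name, "->", "; ".join(findings))
```

Against a real account the three records per bucket come from get_bucket_acl, get_bucket_policy (which raises NoSuchBucketPolicy when there is none) and get_bucket_public_access_block (NoSuchPublicAccessBlockConfiguration when unset); the account-level Public Access Block from the s3control API also applies and should be checked first, since a complete account-level block makes every bucket-level finding moot.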
As Kubernetes environments are constantly changing, it is difficult to manage capacity and to plan for how many resources each container can utilize. The report found that 60% of containers had no CPU limits set, and 51% had no memory limits set. In clusters with CPU limits, an average of 34% of CPU cores were unused. Without visibility into cluster utilization, organizations could be wasting money through overallocation or causing performance problems; a container with no limits can also consume a whole node's CPU and memory and starve or evict the pods sharing it. According to Amazon Web Services' CPU pricing, an organization with 20 Kubernetes clusters could be overspending up to $400,000 a year, the report concludes.
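The fix for the missing-limits finding is either an explicit resources.limits block on every container or a namespace LimitRange that fills in defaults at admission time. The following added example (not code from the report) finds containers with no CPU or memory limit in a constructed pod manifest and then applies a constructed LimitRange the way the LimitRanger admission plugin does, so the before and after can be compared; the pod, image and namespace names are made up.

```python
"""Find containers with no CPU/memory limits and show what a namespace
LimitRange would fill in at admission. Added example, not from the report;
the manifests are constructed (as dicts, the shape PyYAML would produce)."""
import copy

RESOURCES = ("cpu", "memory")


def containers(pod):
    """Init containers and app containers share the same resource rules."""
    spec = pod["spec"]
    return spec.get("initContainers", []) + spec.get("containers", [])


def missing_limits(pod):
    """Return [(container_name, resource)] for every limit that is not set."""
    out = []
    for c in containers(pod):
        limits = c.get("resources", {}).get("limits", {})
        for r in RESOURCES:
            if r not in limits:
                out.append((c["name"], r))
    return out


def apply_limit_range(pod, limit_range):
    """Mimic LimitRanger defaulting for type=Container items: a missing limit
    takes `default`, a missing request takes `defaultRequest`, and a request
    still missing after that is set equal to the limit. Explicit values are
    kept. Returns a new pod; the input is not mutated. (A real admission
    check would also reject a request above its limit; not modelled here.)"""
    pod = copy.deepcopy(pod)
    for item in limit_range["spec"]["limits"]:
        if item.get("type") != "Container":
            continue
        for c in containers(pod):
            res = c.setdefault("resources", {})
            limits = res.setdefault("limits", {})
            requests = res.setdefault("requests", {})
            for r, v in item.get("default", {}).items():
                limits.setdefault(r, v)
            for r, v in item.get("defaultRequest", {}).items():
                requests.setdefault(r, v)
            for r, v in limits.items():
                requests.setdefault(r, v)
    return pod


UNBOUNDED_POD = {  # constructed: the "no limits set" case from the report
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "api", "namespace": "prod"},
    "spec": {"containers": [
        {"name": "api", "image": "example/api:1.0",
         "resources": {"requests": {"cpu": "250m"}}},   # request only, no limit
        {"name": "sidecar", "image": "example/proxy:2.1"},  # nothing at all
    ]},
}

LIMIT_RANGE = {  # constructed: namespace-wide defaults applied at admission
    "apiVersion": "v1", "kind": "LimitRange",
    "metadata": {"name": "container-defaults", "namespace": "prod"},
    "spec": {"limits": [{
        "type": "Container",
        "default": {"cpu": "500m", "memory": "256Mi"},
        "defaultRequest": {"cpu": "100m", "memory": "128Mi"},
    }]},
}

if __name__ == "__main__":
    print("before:", missing_limits(UNBOUNDED_POD))
    fixed = apply_limit_range(UNBOUNDED_POD, LIMIT_RANGE)
    print("after: ", missing_limits(fixed))
    for c in fixed["spec"]["containers"]:
        print(c["name"], c["resources"])
```

Running missing_limits over every pod a cluster reports (kubectl get pods -A -o json) gives the cluster's own version of the 60%/51% figures; a LimitRange only covers pods created after it exists, so existing unbounded pods still need to be redeployed.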
IT departments deploying containers are also making classic security mistakes. The CIS Benchmark for AWS and cloud security best practices recommend organizations avoid using the root user for administrative and daily tasks, yet 27% of organizations do so. Forty-eight percent of customers don't have multi-factor authentication (MFA) enabled on these highly privileged accounts, making it easier for attackers to compromise the organization.
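Whether the root user is being used for daily work is visible in CloudTrail, where root actions carry userIdentity.type "Root". The following added example (not from the report) runs the CIS AWS Foundations Benchmark root-usage filter logic (type is Root, not invoked by an AWS service, not an AwsServiceEvent) over constructed CloudTrail records and also reports whether each root session was MFA-authenticated; the account ID, addresses and event times are made up.

```python
"""Detect root-user activity in CloudTrail records and whether MFA was used.

Added example, not from the Sysdig report. The match condition mirrors the
CIS AWS Foundations Benchmark metric filter for root usage; the records are
constructed in CloudTrail's JSON shape."""


def is_root_usage(event):
    """CIS root-usage condition: human/root credentials, not a service call."""
    ident = event.get("userIdentity", {})
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and event.get("eventType") != "AwsServiceEvent")


def mfa_authenticated(event):
    """sessionContext.attributes.mfaAuthenticated is the string "true"/"false"."""
    attrs = (event.get("userIdentity", {})
                  .get("sessionContext", {})
                  .get("attributes", {}))
    return attrs.get("mfaAuthenticated") == "true"


def root_activity(records):
    """Return (eventTime, eventName, sourceIPAddress, mfa) per root action."""
    return [(ev["eventTime"], ev["eventName"], ev.get("sourceIPAddress"),
             mfa_authenticated(ev))
            for ev in records if is_root_usage(ev)]


def summarize(records):
    """Counts a dashboard would show: root actions and how many lacked MFA."""
    hits = root_activity(records)
    return {"root_actions": len(hits),
            "without_mfa": sum(1 for h in hits if not h[3])}


ROOT = {"type": "Root", "arn": "arn:aws:iam::123456789012:root",
        "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}}

SAMPLE_EVENTS = [  # constructed CloudTrail records, not real account data
    {"eventTime": "2022-02-10T08:14:02Z", "eventName": "ConsoleLogin",
     "eventType": "AwsConsoleSignIn", "sourceIPAddress": "203.0.113.7",
     "userIdentity": ROOT},
    {"eventTime": "2022-02-10T08:20:41Z", "eventName": "CreateBucket",
     "eventType": "AwsApiCall", "sourceIPAddress": "203.0.113.7",
     "userIdentity": ROOT},
    {"eventTime": "2022-02-10T09:02:13Z", "eventName": "PutObject",
     "eventType": "AwsApiCall", "sourceIPAddress": "10.0.4.21",
     "userIdentity": {"type": "IAMUser", "userName": "deploy-bot"}},
    {"eventTime": "2022-02-10T09:30:00Z", "eventName": "CreateServiceLinkedRole",
     "eventType": "AwsServiceEvent",
     "sourceIPAddress": "elasticloadbalancing.amazonaws.com",
     "userIdentity": {"type": "Root",
                      "invokedBy": "elasticloadbalancing.amazonaws.com"}},
]

if __name__ == "__main__":
    for hit in root_activity(SAMPLE_EVENTS):
        print(hit)
    print(summarize(SAMPLE_EVENTS))
```

The service-initiated record is excluded on purpose: AWS itself performs some actions under the root identity with invokedBy set, and alerting on those only produces noise. Whether MFA is enabled on the root user in the first place is a separate check, the AccountMFAEnabled field of `aws iam get-account-summary`.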
Photo credit: Sigmund