Sysdig 2023 report reveals 87 percent of container images have high-severity security issues

Sysdig, a solutions provider for secure and reliable cloud development, has released its sixth annual report on cloud-native security and container usage. The report highlights that supply chain risks, together with a lack of preparation for adopting Zero Trust architecture, pose serious problems in cloud and container environments. It also finds that companies overspend by millions of dollars on extra cloud storage capacity for heavy workloads because of difficulties with capacity planning.

The Sysdig report examined customer data collected from billions of containers, thousands of cloud accounts and hundreds of applications. It identifies the two primary cloud security issues as misconfigurations and vulnerabilities. The picture worsens further, since a single company's security issues are magnified across that company's software supply chain.

The report found that the share of container images with vulnerabilities rose from 75% to 87%, even as government organizations expanded their cybersecurity guidance. At the same time, 71% of these vulnerabilities already have a fix available that has not yet been applied, and some container images contain multiple security flaws. Businesses recognize the associated security risks yet find it difficult to patch these vulnerabilities without disrupting the software release process.

According to Gartner’s predictions, by 2023, inadequate management of access rights, privileges and identities will cause 75% of security issues — an increase from the 2020 figure of 50%. Sysdig found that the great majority of permissions granted remain unused within 90 days of being assigned. Moreover, administrators use only a small fraction of the privileges they hold.

Other report findings: 58 percent of identities are non-human roles, down from 88 percent the previous year. The report suggests this may result from improved identity and access management practices and from more employees being granted access to resources, a trend likely driven by growing business activity in cloud environments.

“Looking back at last year’s report, container adoption continues to mature, which is evident by the decrease in container life spans,” said Michael Isbitski, the director of the cybersecurity strategy at Sysdig. “However, misconfigurations and vulnerabilities continue to plague cloud environments, and supply chains are amplifying how security problems manifest.”

Sysdig’s data shows that enterprises invest heavily in Kubernetes systems. Companies with 1000 nodes or more could reduce costs by over $10 million annually by optimizing their spending.

Containers often need to remain active only until their assigned job completes, so their average lifespan is relatively short. This dynamic nature is one of the technology’s key benefits, since containers can be spun up from images as required. Currently, 70 percent of containers live for fewer than five minutes.

“This year’s report shows great growth and also outlines best practices that I hope teams adopt by the 2024 report, such as looking at in-use exposure to understand real risk and to prioritize the remediation of vulnerabilities that are truly impactful,” Isbitski added.
