
Report Finds 75% of Cloud Runtimes Contain High or Critical Vulnerabilities


Sysdig’s latest cloud-native security and usage report finds that shipping containers with known vulnerabilities has become standard practice: 75% of containers run with high-severity vulnerabilities for which a fix was already available.

The report stresses that many organisations treat this as an acceptable risk, taking it on deliberately in exchange for being able to move and release quickly.

The key takeaways from the report show that many organisations still have a long way to go in ensuring appropriate cloud-native and container security.

The report defines a number of key indicators of success in cloud-native adoption and security, and analyses data gathered from a broad array of organisations to show the current trends in the industry. Sysdig offers widely used cloud-native and container security software, and the anonymous usage reporting built into that software is what lets the company gather adoption statistics and insights from its users.

Amazon Web Services’ S3 (Simple Storage Service) is a convenient mechanism for storing and serving files, but locking a bucket down so that public access is impossible takes deliberate effort. The report found that 36% of AWS S3 buckets are open to public access, and that 73% of accounts have at least one public bucket. A public bucket is not in itself necessarily a security problem (some buckets are intended to serve public content), but these figures suggest that many organisations rely on bucket names not being discovered rather than on explicit access controls, a security-by-obscurity approach taken perhaps because a zero-trust posture is not considered warranted. This can lead to private information being readable by anyone on the Internet.
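To make the "open to public access" finding concrete, the following added example (not code from the report, from Sysdig, or from InfoQ) classifies a bucket policy the way AWS does when it reports a policy as public, and models how the S3 Block Public Access settings interact with it: BlockPublicPolicy rejects a new public policy, while RestrictPublicBuckets is the toggle that neutralises a public policy that is already in place. The policy documents are constructed samples, the set of "restricting" condition keys is a subset of the list AWS publishes, and the function names are this example's own.

```python
import json

# Condition keys that AWS treats as narrowing a wildcard principal to a
# non-public audience (assumption: a subset of AWS's documented list).
RESTRICTING_CONDITION_KEYS = {
    "aws:principalaccount", "aws:principalarn", "aws:principalorgid",
    "aws:sourceaccount", "aws:sourcearn", "aws:sourcevpc", "aws:sourcevpce",
    "aws:sourceip",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also when given as a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_statements(policy):
    """Statements that grant access to anyone on the Internet.

    A statement counts as public when it is Effect=Allow, names a wildcard
    principal, and has no Condition on a key that restricts who the wildcard
    resolves to. This is a simplified version of the rule AWS applies when
    it reports a policy as public (GetBucketPolicyStatus / the console badge).
    """
    public = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not is_wildcard_principal(stmt.get("Principal")):
            continue
        cond_keys = {
            key.lower()
            for operator in stmt.get("Condition", {}).values()
            for key in operator
        }
        if cond_keys & RESTRICTING_CONDITION_KEYS:
            continue
        public.append(stmt)
    return public


class PublicPolicyRejected(Exception):
    pass


def put_bucket_policy(policy, public_access_block):
    """Model S3's PutBucketPolicy: with BlockPublicPolicy=true the call fails
    if the new policy is public, so a public bucket cannot be created by
    accident; without it the policy is accepted as-is."""
    if public_access_block.get("BlockPublicPolicy") and public_statements(policy):
        raise PublicPolicyRejected("BlockPublicPolicy is on and the policy is public")
    return policy


def effective_exposure(policy, public_access_block):
    """What the policy actually grants once Block Public Access is applied.
    RestrictPublicBuckets is the setting that neutralises an *existing*
    public policy (BlockPublicPolicy only stops new ones being written)."""
    if not public_statements(policy):
        return "private"
    if public_access_block.get("RestrictPublicBuckets"):
        return "public-policy-neutralised"
    return "public"


# Constructed sample: the classic "serve everything" policy that opens every
# object in the bucket to anonymous readers.
PUBLIC_READ_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicRead",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*"
  }]
}""")

# Constructed sample: same wildcard principal, but limited to one VPC
# endpoint, which AWS does not report as public.
VPC_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    }],
}

# Weak setting: all four Block Public Access toggles off.
NO_BLOCK = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

# Corrected setting: all four toggles on.
BLOCK_ALL = {key: True for key in NO_BLOCK}


if __name__ == "__main__":
    print("no block:", effective_exposure(PUBLIC_READ_POLICY, NO_BLOCK))
    print("block all:", effective_exposure(PUBLIC_READ_POLICY, BLOCK_ALL))
    print("vpc only:", effective_exposure(VPC_ONLY_POLICY, NO_BLOCK))
    try:
        put_bucket_policy(PUBLIC_READ_POLICY, BLOCK_ALL)
    except PublicPolicyRejected as exc:
        print("rejected:", exc)
```

Against a real account the equivalent checks are `aws s3api get-bucket-policy-status --bucket NAME` (which returns `IsPublic`) and `aws s3api get-public-access-block --bucket NAME`; the corrected setting above corresponds to `aws s3api put-public-access-block --bucket NAME --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true`. Note that the example only looks at bucket policies; object and bucket ACLs are a second, independent way a bucket becomes public, which is what the two ACL toggles address.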

Performance issues and cost overruns feature heavily in the report too: more than half of the containers deployed on Kubernetes have no memory or CPU limits defined. Setting them lets cluster admins profile the applications they run, and prevents a single workload from starving the rest of the cluster or growing to a size where capacity is wasted. The same pattern shows in the finding that a third of the CPU cores allocated to clusters were unused, a sign that autoscaling capacity to meet demand is not yet a solved problem.
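The "no limits defined" finding is easy to audit from manifests alone. The following added example (not from the report, from Sysdig, or from InfoQ) walks a workload manifest, lists every container lacking a CPU or memory limit, and then shows what a namespace LimitRange does about it at admission time by filling in defaults. The Deployment and LimitRange are constructed samples, the defaulting logic is a simplified model of the LimitRanger admission plugin, and the function names are this example's own.

```python
import copy

REQUIRED_LIMITS = ("cpu", "memory")


def pod_spec_of(manifest):
    """Locate the PodSpec inside a Pod, a template-bearing workload
    (Deployment, StatefulSet, DaemonSet, ReplicaSet, Job) or a CronJob."""
    kind = manifest.get("kind")
    spec = manifest.get("spec", {})
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        return spec["jobTemplate"]["spec"]["template"]["spec"]
    return spec["template"]["spec"]


def containers_without_limits(manifest):
    """Return [(container_name, [missing resource names])] for every
    container (init containers included) lacking a CPU or memory limit."""
    spec = pod_spec_of(manifest)
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        limits = c.get("resources", {}).get("limits", {})
        missing = [r for r in REQUIRED_LIMITS if r not in limits]
        if missing:
            findings.append((c["name"], missing))
    return findings


def apply_limitrange_defaults(manifest, limitrange):
    """Simplified model of the LimitRanger admission plugin for items of
    type=Container: copy `default` into missing limits and `defaultRequest`
    into missing requests. Returns a new manifest; the input is untouched."""
    out = copy.deepcopy(manifest)
    defaults, default_requests = {}, {}
    for item in limitrange["spec"]["limits"]:
        if item.get("type") == "Container":
            defaults.update(item.get("default", {}))
            default_requests.update(item.get("defaultRequest", {}))
    spec = pod_spec_of(out)
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        res = c.setdefault("resources", {})
        limits = res.setdefault("limits", {})
        requests = res.setdefault("requests", {})
        for name, value in defaults.items():
            limits.setdefault(name, value)
        for name, value in default_requests.items():
            requests.setdefault(name, value)
    return out


# Constructed sample: the weak configuration the report describes. "app" has no
# resources block at all; "sidecar" has a CPU limit but no memory limit.
WEAK_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "web", "namespace": "shop"},
    "spec": {
        "replicas": 2,
        "selector": {"matchLabels": {"app": "web"}},
        "template": {
            "metadata": {"labels": {"app": "web"}},
            "spec": {
                "containers": [
                    {"name": "app", "image": "example/web:1.4"},
                    {"name": "sidecar", "image": "example/proxy:2.0",
                     "resources": {"limits": {"cpu": "250m"}}},
                ]
            },
        },
    },
}

# Constructed sample: the corrected, cluster-wide fix. Any container created in
# the namespace without its own limits receives these values.
DEFAULT_LIMITRANGE = {
    "apiVersion": "v1",
    "kind": "LimitRange",
    "metadata": {"name": "container-defaults", "namespace": "shop"},
    "spec": {"limits": [{
        "type": "Container",
        "default": {"cpu": "500m", "memory": "256Mi"},
        "defaultRequest": {"cpu": "100m", "memory": "128Mi"},
    }]},
}


if __name__ == "__main__":
    print("before:", containers_without_limits(WEAK_DEPLOYMENT))
    fixed = apply_limitrange_defaults(WEAK_DEPLOYMENT, DEFAULT_LIMITRANGE)
    print("after: ", containers_without_limits(fixed))
```

A LimitRange is a backstop rather than a substitute for per-workload tuning: it stops unbounded containers landing in the namespace, but the values it assigns are a guess, so the profiling step the report recommends is still needed to set limits that match what each application actually uses.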

96% of the container platforms in use are Kubernetes, a sign that consolidation in this area is almost complete. Measurement and monitoring of usage also show a clear adoption trend, with Prometheus in use at 83% of organisations at the expense of other, less cloud-native solutions. Prometheus has gained an advantage as an open standard, and one that fits well with applications running in a Kubernetes cluster.

Interested readers can download the full report from the Sysdig website.
