Cloud container vulnerabilities have increased by 82% in 2019 so far, a cybersecurity report has suggested.
Skybox Security, a global cybersecurity management firm recently released the Cloud Trends report which was taken out by the company’s Research Lab.
The focus of the survey was to analyse risks in cloud infrastructures as a service (Iaas), such as vulnerability trends. Containers, orchestration platforms, and DevOps tools were also encountered as part of the analysis.
Key findings of the research show that, along with the increase of container vulnerabilities, there is likely to be a 50% increase in vulnerabilities affecting cloud IaaS solutions when compared to the 2018 figures.
Additionally, it was found that third-party cloud plugins and apps are further expanding the attack surface. It also revealed that the greatest risk to cloud security is thought to be down to misconfigurations.
Gartner, the global research and advisory firm, suggests that by next year, over half of companies will use container technology. This means, there could be significant consequences if this isn’t handled correctly.
“Vulnerabilities within IaaS cloud solutions are naturally going to continue to climb as these services are more widely adopted,” said Skybox Chief Technology Officer Ron Davidson.
“Organisations would be wise not to be too distracted by this increase in vulnerability reports. The biggest cloud insecurities don’t exist within the service provider’s infrastructure itself, but in the way that companies implement and manage the technology. Without proper security considerations and oversight, misconfigurations and policy violations may abound. These process-related issues are hiding in plain sight within organizations — and they present the greatest risk.” Davidson added.
Re-thinking traditional ways of working
Amrit Williams, VP of products at Skybox suggests that it is difficult to manage risks in cloud environments because of the traditional ideals used with tools, and processes, leaving teams being too “ill-equipped” to bear the speed and volume of changes in cloud environments.
The VP continues: “Handling the security and management of disparate infrastructures is incredibly complex, so many organizations are being forced to rethink how to maximize the effectiveness of their cloud deployments while maintaining efficiency. This report highlights the need for organisations to try and unify their methodologies across their hybrid infrastructure, while still understanding there are unique challenges with cloud.”