The computer security company Skybox Security released an update to its 2019 Vulnerability and Threat Trends report. As the name implies, this report analyzes the computer vulnerabilities in play during the first half of 2019.
Some of the key findings included the rapid growth of vulnerabilities in cloud containers. With thousands of enterprises declaring allegiance to containers and container orchestration, this can’t be good news.
According to the report, vulnerabilities in container software have increased by 46 percent in the first half of 2019, compared to the same period in 2018, and by 240 percent as compared to the figures two years ago.
What’s a CIO to do?
The obvious reality is that many more containers are in use now than last year and the year before. The rapid growth rate of containers will continue, and thus any systemic vulnerabilities will be exaggerated.
The good news from the report is that out of more than 7,000 known vulnerabilities published in the first two quarters of 2019, only a small fraction (about 650) will ever be exploited. Most important, less than 1 percent will be exploited in a large-scale attack. Still, with thousands of new containers going into production, even 1 percent is a concern.
Core to this issue is the increasing complexity of cloud computing platforms. They’re now made up of containers running on plural public clouds, private clouds, and traditional computing platforms. As containers move to orchestration and federation, the security issues are likely to increase along with the rising complexity.
If we’re not willing to reduce complexity by reducing heterogeneity, how do we improve security? I have a few suggestions:
- When I find deployed container-based applications, I rarely see proper encryption, both within and outside of the container, both at rest and in flight. Although encryption itself increases complexity, and at times can reduce performance, encryption stops most of the risk.
- Use identity and access management. Considering that containers are complex distributed applications, the use of identities that can be configured around leveled and credentialed access comes in handy.
- Finally, proactive monitoring or security operations can solve many problems. The ability to spot odd behavior and alert a human or an automated protection process (such as blocking an IP address) is invaluable.
Is container security something you should worry about? Right now, a bit. Long term, no. That is, if you follow some of my simple suggestions.