We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Just 3% of respondents correctly noted that a container is not a security boundary. This finding, combined with the fact that 70% believed traditional tools — such as an IPS or firewall — could protect against attacks in progress in a cloud-native environment, highlights the difficulty and complexity of understanding key cloud-native security risks and how to counteract them.
A full 58% did not feel at risk for zero days in containerized environments, and security researchers have found attackers are becoming increasingly sophisticated over time. Fifty percent of vulnerable targets are being attacked within the hour. And while 73% of respondents were confident in their ability to stop software supply chain attacks, only 32% were confident in the runtime capabilities required to stop threats like Kinsing malware, which only downloads in runtime.
Practitioners did not report strong plans to invest in runtime as a key part of a full lifecycle cloud-native security strategy. Runtime security is critical in protecting against attackers evading static analysis or otherwise getting around more popular, and better understood, shift-left controls. While static analysis plays an important role in container security, it is by no means a silver bullet. Even the most complete shift-left vulnerability and malware detection cannot prevent zero-day attacks and administrator errors.
Despite the widely publicized threat landscape, only 24% of respondents claimed they planned to introduce runtime controls in the coming year, while less than 16% were in fact planning on investing in the necessary building blocks of runtime security (for example, ensuring container immutability). These investment plans were reported despite the fact that only 26% of respondents said 70% or more of their cloud-native security stack could stop an attack in progress in a cloud-native environment.
The study interviewed 150 practitioners across industries ranging from financial services to the public sector. The cohort of practitioners interviewed all worked for large organizations, with headcounts ranging from 1,000 to over 10,000. Forty-seven percent had at least five years of cloud-native security business experience.
View the full Aqua Security 2021 Cloud Native Security report.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.