Report: 75% of containers found to be operating with severe vulnerabilities

A new report by Sysdig reveals that as teams rush to expand, container security and usage best practices are sacrificed, leaving openings for attackers. In addition, operational controls lag, potentially resulting in hundreds of thousands of dollars being wasted on poor capacity planning. All of these are indicators that cloud and container adoption is maturing beyond early, “expert” adopters, but moving quickly with an inexperienced team can increase risk and cost.

One of the most shocking findings is that 75% of containers have “high” or “critical” patchable vulnerabilities. Organizations take educated risks for the sake of moving quickly; however, 85% of images that run in production contain at least one patchable vulnerability. Furthermore, 75% of images contain patchable vulnerabilities of “high” or “critical” severity. This implies a fairly significant level of risk acceptance, which is not unusual for high agility operating models, but can be very dangerous.

The analysis also revealed that 73% of cloud accounts contain exposed S3 buckets and 36% of all existing S3 buckets are open to public access. The amount of risk associated with an open bucket varies according to the sensitivity of the data stored there. However, leaving buckets open is rarely necessary and it’s usually a shortcut that cloud teams should avoid.

Similarly, Sysdig also found that 27% of users have unnecessary root access – most without MFA enabled. Cloud security best practices and the CIS Benchmark for AWS indicate that organizations should avoid using the root user for administrative and daily tasks, yet 27% of organizations continue to do so. Forty-eight percent of customers don’t have multifactor authentication (MFA) enabled on these highly privileged accounts, which makes it easier for attackers to compromise the organization if the account credentials are leaked or stolen.

The report also digs into the amount of money being wasted on poor capacity planning, the ratio of human to non-humans in the cloud, container lifespan and density data, along with open source project adoption.

Read the full report by Sysdig.