EXECUTIVE SUMMARY:

Over 70% of Fortune 100 companies use cloud containers in some form. As adoption of the cloud and of Kubernetes (a container orchestration system) has increased, so too has the number of associated vulnerabilities. Until this point, however, container security hasn’t received the attention that it deserves.

Across the first six months of 2019, cyber risk in cloud container software jumped by 46% as compared to 2018, and by 240% as compared to 2017.

Once a hacker chooses a kill chain, he or she could potentially break into a container, sneak into a server, and ultimately wreak havoc for a company.

Last year, 60% of US organizations dealt with security incidents related to their container usage. “What is concerning…is that,” because of containers’ technical structure, “the attack footprint could expand rapidly, and a [the] number of victims may be extremely high,” reports one expert.

According to Gartner’s Emerging Risks Report, 110 senior executives across risk, audit, finance and compliance roles identified cloud computing as the top cyber-related concern within the second quarter of the year. With cloud computing, containers are practically mandatory.

So how can you protect your containers?

  • One strategy is to encrypt. Prior to version 1.7 of the orchestrator, all Kubernetes information was stored in plaintext. Some services, like Amazon Web Services (AWS), now encrypt by default, but additional application-layer encryption can be necessary.
  • In modern applications, open source components make up 60-80% of the code base. Be sure to identify any vulnerabilities in open source code before running it on a container. In case a vulnerable piece of code makes it into a container undetected, companies should have systems in place to track the strands of open source code within their programs or products.
  • When patching containers, rebuild them altogether instead of merely patching individual components. Rebuilding offers certain security advantages, including automated deployment of vulnerability patches.
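
One way to check the encryption advice in the first bullet, as an added example that is not from the original article: Kubernetes 1.7 and later can encrypt stored objects through an API-server `EncryptionConfiguration`, in which the first provider listed for a resource is the one used for writes and `identity` means plaintext. The sample configurations, the placeholder key and the function names below are constructed for illustration.

```python
# Audit a kube-apiserver EncryptionConfiguration (already parsed into a dict)
# and report whether a resource such as "secrets" is written to etcd encrypted.

# Providers that actually encrypt; "identity" stores data as plaintext.
ENCRYPTING = {"aescbc", "aesgcm", "secretbox", "kms"}

# Constructed samples; the key material is a placeholder, not a real key.
AESCBC = {"aescbc": {"keys": [{"name": "key1", "secret": "<BASE64-KEY-PLACEHOLDER>"}]}}
IDENTITY = {"identity": {}}


def sample(providers):
    """Build a constructed EncryptionConfiguration covering only secrets."""
    return {
        "apiVersion": "apiserver.config.k8s.io/v1",
        "kind": "EncryptionConfiguration",
        "resources": [{"resources": ["secrets"], "providers": providers}],
    }


WEAK = sample([IDENTITY, AESCBC])      # identity first: new writes are plaintext
HARDENED = sample([AESCBC, IDENTITY])  # aescbc first: new writes are encrypted


def write_provider(config, resource="secrets"):
    """Return the provider used for new writes of `resource`, or None.

    Only exact resource names are matched; wildcard entries are not handled.
    """
    for rule in config.get("resources", []):
        if resource in rule.get("resources", []):
            providers = rule.get("providers", [])
            return next(iter(providers[0])) if providers else None
    return None


def audit(config, resource="secrets"):
    """Return (ok, message) describing how `resource` is stored at rest."""
    provider = write_provider(config, resource)
    if provider is None:
        return False, f"{resource}: no encryption rule, stored as plaintext"
    if provider not in ENCRYPTING:
        return False, f"{resource}: first provider is '{provider}', stored as plaintext"
    return True, f"{resource}: new writes encrypted with '{provider}'"


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

Changing the provider order affects new writes only; objects stored earlier keep their previous form until they are rewritten.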

For more information on how to safeguard cloud containers, visit TechBeacon.