Security in the cloud has always been among the top topics, but it has often been somewhat neglected. That is now changing out of necessity. The reason? Cloud security risks are on the rise.
This is clear from the 2019 Vulnerability and Threat Trends Report by Skybox Security, which shows sizeable growth in vulnerabilities in cloud containers, Forbes reported.
Cloud containers are replacing traditional virtual machines in a lot of cloud deployments because they are easier, faster and cheaper. But they also turn out to be less secure, mainly because old container images that contain vulnerabilities get quickly replicated and deployed across various cloud infrastructures.
Lots of issues
The problem is that these vulnerabilities are rarely fixed. As a result, Skybox records a 46% increase in container vulnerabilities in the first half of 2019 alone, compared to H1 of 2018. Compared to H1 of 2017, the rise is a whopping 240%.
“Cloud technology and adoption has obviously skyrocketed, so it’s no surprise that vulnerabilities within cloud technology will increase,” said Skybox Director of Threat Intelligence Marina Kidron.
“What is concerning, though, is that as these are published, the race is on for attackers to develop an exploit because launching a successful attack on a container could have much broader consequences. Compared to other technology, containers can be more numerous and quickly replicated. The attack footprint could expand rapidly, and a number of victims may be extremely high.”
Some vulnerabilities, like CVE-2019-5736 from earlier this year, could affect a wide array of containers. In this particular case, it affected Docker and Kubernetes, as well as runC distributions.
It’s not all bad, but more training is needed
Of course, there is some good news, too. Most vulnerabilities get fixed rather quickly. In the first half of 2019 there were more than 7000 vulnerabilities posted. Only 659 will have an exploit and less than 1% will see a large-scale attack.
Still, even one large-scale attack could bring a lot of issues and losses. The vulnerabilities that make it to this level are also becoming more and more complex, and it is not possible to know which ones will get there until it actually happens.
Atherton Research Insights says that containers are the future of cloud computing. For all the benefits they bring, they also require extra care. Enterprise IT teams should therefore be more vigilant and tighten up the security of these containers.
This should also translate into better employee training that reflects the new realities. IT trainers should explore security topics more as well, since this is going to be a very important trend. That is especially true because many companies are only now starting to realize that, as safe as the cloud is, security is not a one-and-done thing; it requires effort from both the vendor and the client. It is also a good idea to raise the question among peers and trainees to get them engaged in this area and gauge their awareness of the issue.