Sysdig, a unified container and cloud security company, announced key findings from its "Sysdig 2022 Cloud-Native Security and Usage Report". The report shows that while cloud adoption is accelerating, organizations are failing to follow security and operational best practices, and poor capacity planning alone can waste hundreds of thousands of dollars.
Usage trends and security
The fifth annual report focuses on how Sysdig customers use and secure cloud and container environments worldwide. The data provides insight into container usage, covering usage trends, security, compliance, runtime, and cloud practices. The report shows that 85% of images running in production contain at least one patchable vulnerability. In total, 75% of images contain "high" or "critical" severity vulnerabilities.
On the cloud side, 73% of accounts contain S3 buckets, and 36% of all S3 buckets are open to public access. The report also shows that 27% of organizations use the root user for administrative and daily tasks, which should be avoided. Additionally, 48% of organizations aren't using multi-factor authentication, making account compromise easier for attackers.
Overspending
It can be challenging for organizations to handle capacity management and planning in Kubernetes environments. Sysdig states that 60% of containers have no CPU limits defined and 51% have no memory limits defined; among the containers that did have CPU limits, 34% of the allocated CPU cores are unused. Overallocation causes organizations to waste money, while running out of resources causes performance issues. At AWS' current prices, an organization with 20 Kubernetes clusters could be overspending up to $400,000 yearly. Some other interesting findings are:
- Non-humans outnumber humans in the cloud, with 88% of roles assigned to non-humans, such as applications, cloud services, and commercial tools. While this isn't necessarily a bad thing, a best practice is to follow the principle of least privilege and explicitly assign the minimum necessary permissions to each role. Granting excessive permissions is fast and easy for admins but adds risk.
- Container density grew again in 2021, a nearly 15% increase year-over-year and a 360% increase in four years. As containers increase in density, setting resource limits becomes more important, a best practice not being followed as DevOps teams rush to expand cloud environments.
- Massive growth for Falco, the CNCF open-source project contributed by Sysdig. The project now has over 40 million downloads, representing 370% growth since becoming an Incubating project in January 2020. Falco has secured its position as the runtime cloud and container security standard.
- Containers running as root continue to rise. Forty-eight percent of images are scanned before runtime, yet 76% of containers are running as root, a 31% increase from last year. Slow adoption of best practices may indicate broad adoption of container technologies by organizations that have not yet evolved their DevSecOps processes. Privileged containers are easier for attackers to compromise.
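Two of the gaps above (missing CPU/memory limits and containers running as root) can be checked before deployment by auditing the pod spec. The following is an added example, not code from Sysdig or the report; it runs over a constructed Deployment manifest and reports, per container, which limits are absent and whether the effective security context leaves the container running as uid 0.

```python
import json

# Constructed sample manifest (not taken from the report): the pod-level
# securityContext requests uid 0; "api" overrides that and sets limits,
# while "worker" inherits root and has only a CPU request, no limits.
SAMPLE_DEPLOYMENT = json.loads("""
{"kind": "Deployment", "metadata": {"name": "web"},
 "spec": {"template": {"spec": {
   "securityContext": {"runAsUser": 0},
   "containers": [
     {"name": "api", "image": "example/api:1.0",
      "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
      "securityContext": {"runAsUser": 1000}},
     {"name": "worker", "image": "example/worker:1.0",
      "resources": {"requests": {"cpu": "100m"}}}
   ]}}}}
""")


def pod_spec(manifest):
    """Return the PodSpec of a bare Pod or of a workload with a pod template."""
    spec = manifest.get("spec", {})
    return spec["template"]["spec"] if "template" in spec else spec


def audit_containers(manifest):
    """Map each container name to the best-practice gaps found in it."""
    spec = pod_spec(manifest)
    pod_ctx = spec.get("securityContext", {})
    findings = {}
    for c in spec.get("containers", []):
        issues = []
        limits = c.get("resources", {}).get("limits", {})
        for res in ("cpu", "memory"):
            if res not in limits:
                issues.append(f"no {res} limit")
        # Container-level securityContext fields override the pod-level ones.
        ctx = {**pod_ctx, **c.get("securityContext", {})}
        uid = ctx.get("runAsUser")
        if ctx.get("runAsNonRoot"):
            pass  # the kubelet refuses to start this container as uid 0
        elif uid == 0:
            issues.append("runs as root (runAsUser: 0)")
        elif uid is None:
            issues.append("may run as root (no runAsNonRoot/runAsUser; image default)")
        findings[c["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_containers(SAMPLE_DEPLOYMENT).items():
        print(f"{name}: {', '.join(issues) or 'ok'}")
```

The same function can be pointed at live objects by feeding it the output of `kubectl get deployment <name> -o json`.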