Six things you can do in 2023 to improve security and container use.
The 48th IT Press Tour had the opportunity to meet with Pawan Shankar, Senior Director of Product Marketing at Sysdig. Pawan shared with us the key findings from the Sysdig 2023 Cloud-Native Security and Usage Report. The report was compiled from Sysdig customer data covering billions of containers, thousands of cloud accounts, and thousands of applications during 2022.
Container Vulnerabilities are Exploding
Vulnerabilities propagate every time a base image is reused. Supply chains create a massive attack surface. 87% of images have high or critical vulnerabilities while only 13% of images have low, medium, or no vulnerabilities.
15% of High and Critical Vulnerabilities are In Use at Runtime
Given this, users need to focus on fixing what matters: prioritize vulnerabilities based on what's in use. Narrowing the list to the 15% of high and critical vulnerabilities that are in use at runtime provides a more actionable workflow for modern vulnerability management.
Zero Trust: Lots of Talk, Little Action
Excessive permissions are rampant in the cloud. 90% of granted permissions are not used. Access management is not just about users. It's also about non-human roles (e.g. Lambda). Of cloud users and roles, 42% are human, and 58% are non-human. Companies need to apply least-privilege access based on in-use permissions.
Millions Wasted on Cloud Costs
Customers running 1000 or more nodes could save more than $10 million per year on average. 69% of CPUs are unused. 59% of containers have no CPU limits. 18% of memory is not used. 49% of containers have no memory limits.
Six Key Areas to Address in 2023
87% of container images have high or critical vulnerabilities.
90% of granted permissions are not used.
15% of high and critical vulnerabilities are in use at runtime.
Companies running more than 1,000 nodes could save more than $10 million annually.
72% of containers live less than five minutes -- this is up from 44%.
69% of CPU resources are unused -- up from 34%.