Container Security Challenges Impacting Pace of App Dev
A global survey finds 96% of respondents reporting their companies are experiencing cloud-native application challenges that are leading to slower deployment cycles, with more than two-thirds (67%) naming security as the top challenge.
The survey was conducted by Tigera, a provider of a cloud-native application protection platform (CNAPP) based on open source Project Calico software, and polled 304 security and IT professionals.
A full 98% of respondents noted they needed to invest in container security, with runtime security topping the list. A full 99% of companies also require network security, with more than two-thirds (69%) identifying container-level firewalls as the top need.
The survey also suggests organizations are encountering significant compliance challenges. A total of 87% of respondents said meeting compliance requirements is critical, with 84% of respondents reporting that meeting compliance requirements for cloud-native applications is challenging. Nearly two-thirds (63%) said their organization must provide container-level information for compliance requirements, with 90% saying audit reports are challenging to produce.
Overall, the survey finds three-quarters of respondents (75%) reporting that their organizations are focusing on the development of cloud-native applications. The survey also finds 97% of respondents encountering observability challenges with cloud-native applications, with three-quarters (76%) needing visualization into container runtimes. A full 99% of respondents said containers require access to other applications and services.
Utpal Bhatt, chief marketing officer for Tigera, says the survey makes it clear that while securing container runtimes is the highest priority, there is now a greater appreciation for the need for container firewalls, as well. The fundamental challenge is that a lack of visibility into container environments makes it challenging to enforce security policies that might prohibit one microservice from interacting with another, he adds.
That issue will only become more pressing as the number of workloads being deployed on container platforms continues to grow. Gartner estimates that by 2025 more than 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021.
The primary security challenge containers create is that it is simply too easy for developers to inadvertently employ containers to encapsulate software components with known vulnerabilities. In theory, organizations are embracing DevSecOps best practices to shift more responsibility for application security further left toward developers. However, it’s not likely developers will broadly acquire the cybersecurity expertise required to ensure the integrity of software supply chains.
At the same time, cybercriminals are starting to take advantage of the lack of observability into container runtime environments to inject rogue containers loaded with malware. IT and security teams need to make sure only validated containers are allowed to run. The issue, of course, is that the need for additional security may require development teams to slow down so those policies can be consistently enforced.