Report: Containers Are Weakest Security Link Again
For a second year in a row, a survey of 1,200 IT security decision-makers conducted by the research firm CyberEdge Group finds that, in terms of attack surfaces that organizations feel they can adequately defend, containers were once again identified as the weakest link.
CyberEdge Group COO Mark Bouchard says containers narrowly edged out mobile devices once again as the attack surface survey recipients identified as the most difficult to defend. Conversely, survey respondents identified web applications as the easiest for them to defend.
Bouchard says that in the absence of security tools needed to provide visibility into containers, it is understandable why containers are viewed as potentially the weakest link. The paradox is that many of those containerized applications are more likely to be updated with the latest patches than are legacy applications, because it’s much easier for developers to rip and replace containers than it is to patch an entire monolithic application.
On the plus side, Bouchard says it’s only a matter of time before more security engineers drive best DevSecOps processes as security issues continue to be addressed as part of the software quality assurance process. In fact, the adoption of containers is in many ways forcing that DevSecOps issue, he notes.
The survey finds container security tools rank fifth among the application and data security technologies that survey respondents plan to acquire. The other four technologies ranked ahead of container security as priorities for 2019 are application programming interface (API) gateways, deception technologies, application delivery controllers (ADCs) and application testing tools. Other cybersecurity technologies also attracting significant amounts of investment include analytics and biometrics, so as always, the cybersecurity budget is likely to be stretched thin in most organizations.
The survey also makes it clear application development and testing processes continue to be a major headache for cybersecurity professionals. For the third year in a row, respondents peg application development and testing as the security process they struggle with the most.
Bouchard notes one of the more surprising aspects of the study is how much faith organizations are placing in artificial intelligence (AI) to improve their overall security posture. A whopping 81 percent of respondents generally agree that machine learning and artificial intelligence technologies are helping to defeat advanced cyberthreats, while 91 percent say they have acquired cybersecurity products that employ machine learning algorithms.
However, the survey also finds nearly two-thirds of IT security professionals believe a successful cyberattack is imminent in 2019, and 84 percent of organizations are experiencing the effect of an IT security skills shortage.
As the number of containers deployed within an enterprise IT environment increase, so, too, will the impact of a skills shortage. Arguably, the only way cybersecurity teams will be able to keep pace with the dynamic nature of those containers is to rely more on machine learning algorithms. Whether cybersecurity professionals can rely on those algorithms to help them secure containerized applications, however, has yet to be proven conclusively.