Sysdig’s latest cloud-native and security-usage report finds that shipping containers with vulnerabilities has become standard practice. The report found that 75% of containers have high-severity vulnerabilities that could have been patched.
The report emphasised that many organisations consider this an acceptable risk and are prepared to take it in order to move and release quickly.
The main messages from the report show that many organisations still have a long way to go in providing appropriate cloud-native and container security, InfoQ reports in a recent article.
The report defines a number of key indicators to determine success in cloud-native and security, and analyses the responses from a broad array of organisations to show the current trends in the industry.
Sysdig offers software that helps customers work with cloud-native and container security. The anonymous reporting functionality in Sysdig’s software allows the company to gather valuable insights and adoption statistics from its users.
For instance, Amazon Web Services’ S3 provides one good mechanism for storing and serving files. The report found that 36% of AWS S3 buckets are open to public access, and 73% of accounts have at least one public bucket.
Performance issues and cost overruns also feature: more than half of containers deployed to Kubernetes infrastructure have no memory or CPU limits defined. Having these limits in place allows cluster admins to profile the applications running, and also to prevent them from overrunning a cluster or growing to a size where capacity is wasted.
Furthermore, this also shows up in the finding that a third of CPU cores allocated to clusters were unused – a sign that autoscaling of capacity to meet demand is not a solved problem.
96% of the container platforms in use are Kubernetes, proving that consolidation in this area is almost complete. Measurement and monitoring of usage is showing a clear adoption trend – with Prometheus in use in 83% of organisations at the expense of other less cloud-native solutions. Prometheus has gained an advantage as an open standard, and one that fits well onto applications run in a Kubernetes cluster.