The industry is gaga for container technologies like Docker and for good reason. According to ESG research, containers make up about 19 percent of hybrid cloud production workloads today, but in just two years’ time, containers will make up one-third of hybrid cloud production workloads. (Note: I am an ESG employee.) Container security issues
Not surprisingly, cybersecurity professionals say rapid growth and proliferation of application containers have led to several security issues:
35 percent say their organization’s current server workload security solutions do no support the same functionality for containers, requiring the use of separate container security technologies. This adds cost and complexity to safeguarding valuable IT assets.
34 percent say they need to verify that images stored in container registries meet their organization’s security and compliance requirements. Again, they tend to need specialized tools to accomplish this task.
33% say there is a lack of mature solutions available for container security. This is understandable, as container security is dominated by startups and point tools at present (i.e. Aporeto, Aqua Security, Cavirin, CloudPassage, Layered Insight, Neuvector, StackRox, Twistlock, etc.). We are seeing more and more coverage from established players, as well, including Tenable Networks, Trend Micro, VMware, etc. Cybersecurity pros should pay close attention to this market because vendors and tools are evolving quickly.
30% say the potential for container sprawl creates loose access controls between containers that could leave their production environment more vulnerable. This indicates process and management problems that lead to security vulnerabilities.
27% say portability makes containers more susceptible to “in motion” compromises. And a lot of security pros don’t have the tools to monitor transient containers and microservices as they appear and disappear.
[ Learn why you need an API security program, not a piecemeal approach. | Get the latest from CSO by signing up for our newsletters. ]
Like server virtualization and public cloud workloads of the past, containers remain an unfamiliar animal to many security professionals today, but this is unacceptable given the number of production containers deployed today (as well as aggressive future container deployment plans). In cybersecurity, uncertainty and limited knowledge equal increased risk. To read this article in full, please click here
Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.
Cybersecurity Insights - Attack
No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?
Cybersecurity Insights - People
Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.