One Article Review
| Source |  AlienVault Lab Blog |
|---|---|
| Identifiant | 6227177 |
| Date de publication | 2022-08-10 10:00:00 (vue: 2022-08-10 10:06:16) |
| Titre | Are cloud containers a sugar-coated threat? |
| Texte | This blog was written by an independent guest blogger. Containerization is a rapidly evolving technology in cloud-native applications. Just like computing systems, containers consist of packages of software programs with all the vital elements like binaries, files, and libraries for running an application in the environment from anywhere. Containers are lightweight, and DevOps teams develop applications and deploy services using them. Moreover, organizations also use these containers to deploy and scale the DevOps infrastructure like the CI/CD tools. A report reveals that by 2022, organizations are likely to run 24% of their workload on containers. However, despite the benefits containers offer, it doesn’t mean they are completely secure. A study revealed that 87% of organizations had deployed containers in their production, while it's found that 94% had experienced at least one security incident. Another research finds that 45% of organizations have delayed or slowed down their application deployment process because of container security issues. All these issues can cause organizations to slow down their transformation journey and bear financial and reputational loss. To avoid such circumstances, organizations need to be aware of cloud container threats and learn how to minimize risks. Why are cloud containers becoming a growing threat? Containerization is a fast-moving trend that plays a pivotal role in improving agility and boosting innovation and is necessary for application development. The adoption of containers has soared in recent years and will continue to rise - and why not, as it transforms how an organization deploys IT infrastructure. Gartner predicts that by 2023, 70% of organizations will use containerized applications. In a survey, the Cloud-Native Computing Foundation (CFNC) finds that 96% of enterprises have evaluated or actively use Kubernetes. Besides this, 68% of the IT leaders in the Red Hat State of Enterprise Open Source Report for 2022 say that container technology is on the level of other important technologies, like Artificial Intelligence and Machine Learning. Container adoption comes with great advantages, but can also pose cybersecurity threats and challenges that adversely impact organizations. Enterprises who depend on container technology but fail to identify the security vulnerabilities and implement mitigation measures compromise their sensitive business data, including customer data. The situation becomes even more dire since most of these threats can’t be mitigated through endpoint security tools such as proxies or VPNs. Here are some of the reasons cloud containers are becoming a threat to organizations: Human error Hackers can compromise container technology in the cloud in several ways. |
| Envoyé | Oui |
| Condensat | can 000 2022 2023 2025 380 access accesses accessible according actively actors adequate adoption advantage advantages adversely against agility all allow also among analyzes another anywhere apart api application applications are artificial attack attackers attacks authentic authentication automated available avoid aware based bear because become becomes becoming below benefits besides best binaries blog blogger boosting both breaches break build built business businesses but can can’t cases cause causes cfnc chain challenges channel ci/cd circumstances cloud coated code comes common communicate communication completely compliance components compromise compromised compromising computing conduct configuration connections consist contained container containerization containerized containers content continue continuous continuously control controls corrupts create credentials critical crucial crypto customer cybercriminals cybersecurity data defense delayed depend deploy deployed deployment deployments deploys despite develop developers development devops dire docker doesn’t down each easy ecosystem effective elements enable endpoint engine enough ensure entering enterprise enterprises entire environment error errors establish evaluated even evolving example exfiltration experienced exploit exploiting expose exposed externally fact factor fail fast files final financial find finds firewall firewalls found foundation from fulfill gain gartner generation gives great growing guest hackers had has hat have help here high hosted how however hub human identify ignore image images impact imperative implement important imported improving incident include including incorporating increase increasing independent infiltrate infrastructure injections innovation insecure inside instead intelligence internal internet isn issues its journey just kubernetes lead leaders leads leaks learn learning least legitimate level leverage libraries lifecycle lightweight like likely loophole loss machine main maintaining make makes malicious malware management manages manipulate marks mean measures mfa million minimize mining misconfiguration misconfigurations mistake mistakes mitigate mitigated mitigation modify monitoring more moreover most move moving multi names native necessary need network new next not numerous offer official often one open operating orchestration organization organizations organizations: other outbound over overlooked packages party patchable pivotal play plays pods point points pose poses potential practices predicts present pretty prevent prime priority private process production programs protect protection proxies public publicly purposes puts rapidly rather reasons recent red registries registry related report repository reputational requirements research researchers resources respondents restrict reuse revealed reveals rise risk risks role root run running runtime say scale scan scanner scanning scratch secure security sensitive server servers services several severe shady should since situation slow slowed smallest soared software some source spread spreading sql squatting stages state stop store stored storing strategy strong study successful such sugar supply survey system systems target targeted teams technologies technology tempted testing than theft them then these third thoroughly thoughts threat threaten threats threats: through throughout thus times tools top transformation transforms trend two unauthorized under underlying upload use used user using various vine vital vpns vulnerabilities vulnerability way ways weak when who why will within workload written xss years |
| Tags | Malware Vulnerability Threat Guideline |
| Stories | Uber |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.