A new study released by Aqua Security Software reports that many software container users are unaware of the security principles that make runtime controls urgent.
The cloud-native security company published its 2021 Cloud-Native Security Practitioners study based on a survey of 150 cloud-native security professionals and executives from IT, DevOps, and security. Only 3% of the respondents recognized that containers, in and of themselves, do not constitute a secure perimeter.
These numbers indicate that most container users overestimate the security capabilities of what they use.
What the numbers reveal
24% of the respondents said they plan to deploy the building blocks needed to enable runtime security, which is alarming, given how many don’t have that plan.
Nearly 1 out of 3 people surveyed said they were confident in their overall holistic security protection, but only 23% had the building blocks set up to enable runtime security. Knowledge gaps are also a problem, especially concerning supply chain risks.
About three-quarters of the respondents said they believed they could stop software supply chain attacks that aren’t picked up by static analysis. However, that is a myth born of misunderstanding the role runtime security plays.
No need to be too confident
According to Amir Jerbi, the co-founder and chief technology officer at the company, there is cause for concern regarding what he calls ‘overconfidence’ and the perceived ability to thwart supply chain attacks among container users.
Jerbi said that the company’s honeypots report malicious communications daily, highlighting the need for container users to be more proficient at securing their interests.
The CTO added that holistic cloud-native security should be the goal and that the focus should be on the entire application life cycle from infrastructure to workloads.