Three critical priorities for technologists to manage rising security risks within cloud native environments
By Gregg Ostrowski
Applications are now the front door for almost all organizations, and brands need to deliver ever more seamless and intuitive digital experiences to attract and retain customers and to drive revenues. Rapid adoption of cloud native technologies is enabling organizations to increase innovation speeds and respond more quickly to constantly evolving customer demands.
However, the move to modern, distributed applications is opening organizations up to significant new security risks. Attack surfaces are expanding dramatically, with application entities spread across microservice-based application architectures and leaving IT Teams with visibility gaps within their Kubernetes environments. Most technologists are still relying on siloed vulnerability scanning solutions and this is making monitoring security throughout the DevOps pipeline increasingly difficult.
A study from Red Hat revealed that the security of containers and Kubernetes has become a major concern for DevOps, engineering and security professionals. And alarmingly, Aqua Security recently found that Kubernetes clusters associated with more than 350 organizations, open-source projects and individuals are openly accessible and unprotected – and most of them have already been the target of an active crypto-mining campaign.
Across the world, organizations are encountering a huge explosion of security events within Kubernetes environments. Bad actors are identifying vulnerabilities and looking to take advantage of them with ever more frequent and sophisticated attacks. Incredibly, 93% of businesses have experienced at least one security incident in their Kubernetes environments in the last 12 months – and almost a third of these organizations have experienced financial or customer loss as a result. Security within modern application environments is a very real and very dangerous risk for all businesses.
Three steps for IT teams to secure cloud native applications
The pressure is on IT teams to respond to this heightened risk and protect their organizations from a reputation and revenue-impacting security breach. Traditional security approaches simply aren’t fit for purpose within cloud native environments; technologists need new tools, processes and ways of working to be able to rapidly locate, assess and prioritize risk and remediate security issues based on potential business impact.
Crucially, IT departments should be focusing on three key priorities to ensure secure development and deployments of modern applications:
- Correlate security issues across applications entities to rapidly isolate them
IT teams need to be able to correlate security issues across application entities (including business transactions, services, workload, pods and containers) to quickly isolate issues and apply fixes to reduce meantime to remediation.
Organizations should be looking to implement a solution which delivers expanded visibility into cloud native environments. IT teams need a comprehensive overview of their application security issues and granular detail of where and how a vulnerability impacts critical areas of their application. And they need to be able to group and filter vulnerabilities based on entities to see a prioritized list of vulnerabilities that affect a core area.
- Prioritize issues with business context and business risk scoring
IT teams are struggling to cope with the massive volumes of alerts that are coming at them from across an ever more fragmented application landscape. And the problem is that they can’t tell which issues pose the biggest threat.
This is why it’s vital for technologists to get business context on security findings, so that they can prioritize risk and remediate issues based on potential business impact. IT teams need to be able to immediately analyze the importance of a business transaction and understand the sensitivity of data associated with it.
A business risk score, combining application and business impact context with vulnerability detection and security intelligence, enables IT teams to understand the potential impact of each vulnerability and the criticality of each threat.
- Remediation guidance to accelerate responses
Within dynamic, modern application environments, a Common Vulnerability Scoring System (CVSS) is not enough to prioritize vulnerabilities because it is static and doesn’t measure risk and its exploitation predictability. IT teams should also be looking for vulnerability context and intelligence, so they can accelerate mitigation of security issues. They need a solution which provides prioritized and real-time remediation guidance for runtime container vulnerabilities.
This type of business risk observability is now essential to bring applications and security teams together and embed security into the application lifecycle from day one. Rather than being stuck in firefighting mode, scrambling to respond to alerts, IT teams can adopt a more collaborative and proactive approach to ensure secure development and deployment of cloud native applications.
The urgent need for business risk observability
Across all industries, there will be a major shift towards business risk observability over the coming years, with organizations bringing together application data and security intelligence to manage and mitigate risks within their application environments. Research from Cisco found that as many as 93% of technologists believe that it’s now important to be able to contextualize security and to prioritize vulnerability fixes based on potential business impact.
IT leaders must equip their teams with the right tools and insights to counter the soaring levels of risk they’re encountering as they increase their deployment of cloud native technologies. This means implementing solutions which provide expanded visibility and intelligent business risk insights across cloud native environments, so that IT teams can prioritize and respond in real-time to security threats and reduce organizational risk.
(The author is Gregg Ostrowski, CTO Advisor, Cisco Observability, and the views expressed in this article are his own)
