Aqua Blog

It’s About Time for Runtime: 2021 Cloud Native Security Survey

While container environments grow in size and complexity, many misconceptions persist about securing cloud native applications. Our latest survey reveals a huge knowledge gap around runtime security, with 97% of cloud native security practitioners still unaware of crucial container security principles. Here are the insights we gained into the challenges that DevOps and security teams face daily.

Survey highlights

The default security of containers is overestimated

The term “container” is often misunderstood. The concept of isolation gives many practitioners a false sense of security, leading them to believe that the technology is inherently safe. In reality, containers have no security dimension by default. Our container runtime security survey found that only 3% of respondents understand that a container, in and of itself, is not a security boundary.

‘Shift left’ isn’t a silver bullet for cloud native security

While static analysis plays an important role in container security, even the most complete shift-left capability can’t prevent zero-day attacks and administrator errors. Container runtime security is critical in protecting against adversaries who evade static analysis or otherwise get around more popular, and better understood, shift-left controls.

Key cloud native security concepts are largely misunderstood

The overwhelming majority of respondents (85%) believe that traditional tools like intrusion prevention systems (IPS), endpoint detection and response (EDR), and firewalls could stop an attack in progress in a cloud native environment (that is, an attack that occurs after an image has been deployed). In fact, traditional security tools weren’t built for cloud native traffic and have limited capabilities in dynamically orchestrated environments.

Practitioners are overconfident in their protection

The survey shows that teams need to better understand the fundamental components of runtime security, such as enforcing the immutability of containers. Only 32% of respondents were confident in their ability to stop runtime attacks, but even fewer take the necessary steps to truly achieve runtime protection:

  • Only 14% were confident in enforcing image immutability in production
  • Only 21% were confident in mitigating exploits in runtime
  • Only 23% were confident in achieving secrets management in runtime

Without these essential runtime capabilities, it is impossible to adequately detect threats and respond to them in the cloud native environment.

Confidence in cloud native security capabilities

Organizations are ill-equipped to detect and remedy runtime attacks

When it comes to runtime protection, organizations still have significant gaps in their security coverage. Just 26% of respondents said their organization could stop an attack in progress, which signifies a general lack of runtime capabilities across the other 74% of respondents’ toolkits.

The urgency for runtime security controls

As the threat landscape rapidly evolves, strong runtime security is more essential than ever. We’ve seen many examples of adversaries using legitimate vanilla images that download malicious elements only at runtime. Simply shifting left with image scanning and malware detection at build isn’t enough to stop such sophisticated attacks that evade static analysis.

Only holistic cloud native security, applied across every stage of the application life cycle, can efficiently secure your cloud native environment while preserving business continuity. This approach embeds security early in the development cycle and carries it all the way into production, protecting the build, the infrastructure, and the running workloads.

Want more insights to help understand the container runtime security challenges? Download our 2021 Cloud Native Security Survey.

Aqua Team
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and accelerate their digital transformations. The Aqua Platform is the leading Cloud Native Application Protection Platform (CNAPP) and provides prevention, detection, and response automation across the entire application lifecycle to secure the supply chain, secure cloud infrastructure and secure running workloads wherever they are deployed. Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions and cloud VMs.