We found that 59% of containers had no CPU limits defined and 69% of requested CPU resources were unused. Without utilization data for their Kubernetes environments, developers cannot tell where they are overspending or underspending on cloud resources. For large deployments, right-sizing these environments can save an average of $10 million on the cloud consumption bill. On average, organizations of all sizes may be overspending by 40%.
Containers are becoming shorter-lived
This year’s data revealed that 72% of containers have a lifespan of less than five minutes. Last year’s survey found that 44% of containers ran for under five minutes, itself up 28% from the year before, a trend that signals maturing use of container orchestration. Incident response and forensics teams need accurate records in case they have to investigate events after a container is gone, and engineering teams need the same data to troubleshoot applications and infrastructure. With containers living this briefly, collecting that information before it disappears is becoming increasingly difficult.
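The two findings above (containers with no CPU limit and CPU requested but unused, and containers that terminate within five minutes) can be measured directly from the API server. The script below is an added example, not code from the report or its authors. It reads a pod list in the shape returned by `kubectl get pods -A -o json`, joins each container spec to its status by name, and reports missing CPU limits, the unused fraction of requested CPU, and the share of terminated containers that lived under five minutes. The pod list and the per-container usage figures are constructed sample input; the usage dictionary stands in for what a metrics source such as metrics-server would report, and the `ns/pod/container` key format is an assumption of this example.

```python
"""Audit a Kubernetes pod list for containers with no CPU limit, CPU requested
but unused, and containers that lived under five minutes.
Added example: the pod list and usage numbers below are constructed sample
input, not real cluster output."""
import json
from datetime import datetime

SHORT_LIVED_SECONDS = 300  # "less than five minutes"

# Constructed sample in the shape of `kubectl get pods -A -o json`.
SAMPLE_PODS = json.dumps({"items": [
    {"metadata": {"namespace": "prod", "name": "api-7d9f"},
     "spec": {"containers": [
         {"name": "api", "resources": {"requests": {"cpu": "500m"},
                                       "limits": {"cpu": "1"}}}]},
     "status": {"containerStatuses": [
         {"name": "api", "state": {"running": {"startedAt": "2024-05-01T08:00:00Z"}}}]}},
    {"metadata": {"namespace": "prod", "name": "worker-5c2a"},
     "spec": {"containers": [
         {"name": "worker", "resources": {"requests": {"cpu": "2"}}},  # request, no limit
         {"name": "log-shipper", "resources": {}}]},                  # nothing set at all
     "status": {"containerStatuses": [
         {"name": "worker", "state": {"terminated": {"startedAt": "2024-05-01T09:00:00Z",
                                                     "finishedAt": "2024-05-01T09:30:00Z"}}},
         {"name": "log-shipper", "state": {"running": {"startedAt": "2024-05-01T09:00:00Z"}}}]}},
    {"metadata": {"namespace": "batch", "name": "job-x-1"},
     "spec": {"containers": [
         {"name": "job", "resources": {"requests": {"cpu": "250m"},
                                       "limits": {"cpu": "250m"}}}]},
     "status": {"containerStatuses": [
         {"name": "job", "state": {"terminated": {"startedAt": "2024-05-01T10:00:00Z",
                                                  "finishedAt": "2024-05-01T10:02:30Z"}}}]}},
]})

# Constructed usage in millicores, keyed "ns/pod/container" (assumed key format);
# in practice this would come from metrics-server or a monitoring backend.
SAMPLE_USAGE_MILLICORES = {
    "prod/api-7d9f/api": 150,
    "prod/worker-5c2a/worker": 425,
    "prod/worker-5c2a/log-shipper": 20,
    "batch/job-x-1/job": 250,  # runs exactly at its request: nothing unused here
}


def cpu_to_millicores(quantity):
    """Convert a Kubernetes CPU quantity ("500m", "1", "0.5") to millicores."""
    q = str(quantity)
    if q.endswith("m"):
        return int(q[:-1])
    return int(round(float(q) * 1000))


def iter_containers(pod_list):
    """Yield (key, spec, status) per container, joining spec and status by name."""
    for pod in pod_list["items"]:
        ns, name = pod["metadata"]["namespace"], pod["metadata"]["name"]
        statuses = {s["name"]: s for s in pod.get("status", {}).get("containerStatuses", [])}
        for c in pod["spec"]["containers"]:
            yield f"{ns}/{name}/{c['name']}", c, statuses.get(c["name"])


def containers_without_cpu_limit(pod_list):
    """Keys of containers whose spec sets no resources.limits.cpu."""
    return [key for key, spec, _ in iter_containers(pod_list)
            if "cpu" not in spec.get("resources", {}).get("limits", {})]


def unused_cpu(pod_list, usage):
    """Return (requested, unused, fraction_unused) in millicores. Unused is summed
    per container with usage above the request clamped to zero, so one container
    running over its request cannot mask waste in another."""
    requested = unused = 0
    for key, spec, _ in iter_containers(pod_list):
        req = cpu_to_millicores(spec.get("resources", {}).get("requests", {}).get("cpu", "0"))
        requested += req
        unused += max(req - usage.get(key, 0), 0)
    return requested, unused, (unused / requested if requested else 0.0)


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def short_lived_fraction(pod_list, threshold_s=SHORT_LIVED_SECONDS):
    """Fraction of terminated containers that lived under threshold_s seconds.
    Running containers have no finishedAt yet and are left out of the denominator."""
    lifespans = []
    for _, _, status in iter_containers(pod_list):
        term = (status or {}).get("state", {}).get("terminated")
        if term:
            lifespans.append((_ts(term["finishedAt"]) - _ts(term["startedAt"])).total_seconds())
    if not lifespans:
        return 0.0
    return sum(1 for t in lifespans if t < threshold_s) / len(lifespans)


def audit(pod_json=SAMPLE_PODS, usage=SAMPLE_USAGE_MILLICORES):
    """Run all three checks and return a report dict."""
    pods = json.loads(pod_json)
    requested, unused, frac = unused_cpu(pods, usage)
    return {
        "no_cpu_limit": containers_without_cpu_limit(pods),
        "requested_millicores": requested,
        "unused_millicores": unused,
        "unused_fraction": frac,
        "short_lived_fraction": short_lived_fraction(pods),
    }


if __name__ == "__main__":
    print(json.dumps(audit(), indent=2))
```

On the sample, two of four containers carry no CPU limit, 1925 of 2750 requested millicores sit idle (70%), and one of the two terminated containers lived under five minutes. Note that the lifespan check can only see containers whose status object is still present; once the pod is garbage-collected the `terminated` record goes with it, which is exactly why the report stresses capturing this data while the container still exists.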
Summary
Our research reveals that despite awareness of the necessary tools and benefits of a zero trust approach, cloud security processes are lagging behind the rapid pace of cloud adoption. The real customer data we looked at revealed several areas of security practice that need improvement to mitigate risk:
Identity and Access Management: Large discrepancies between granted and required permissions highlight the urgent need to regularly measure and manage permissions to reduce the window of opportunity for attack.
Vulnerability management: In production environments, the majority of container images contain dangerous vulnerabilities, requiring teams to address image bloat and prioritize vulnerabilities based on actual runtime risk to focus remediation efforts.
Detection and response: Privilege escalation and defense evasion attacks are the top threats for our customers. To keep up with the evolving threat landscape, threat detection rules need to be regularly updated to uncover malicious behavior.