By Gregg Ostrowski, CTO Advisor, Cisco AppDynamics
Media is inundated with stories about heightened security threats within modern application environments. Last year, Red Hat found that 93 per cent of businesses had experienced at least one security incident in their Kubernetes environments in the previous 12 months — and 31 per cent had experienced financial or customer loss as a result.
More recently, a study found that Kubernetes clusters associated with more than 350 organizations, open-source projects and individuals were openly accessible and unprotected. More than half of these had already been the target of an active crypto-mining campaign.
The recent high-profile breaches have highlighted the risks worldwide organizations face when expanding their cloud-based projects. These incidents underscore the potentially devastating consequences of a security breach, including damage to reputation and financial losses. IT teams are facing unrelenting pressure to develop applications more quickly and provide seamless digital experiences to customers. However, they are increasingly aware that the adoption of cloud native technologies exposes their applications to heightened security risks.
It’s no surprise that the security of containers and Kubernetes has become a top concern for DevOps, engineering, and security professionals. The reality is that, over the last few years, as organizations have ramped up their digital transformation programs to meet constantly changing customer needs and to enable hybrid work, security hasn’t always kept up. A recent Cisco study found that 92 per cent of technologists admitted that rapid innovation during the pandemic has come at the expense of robust application security.
Given Gartner’s forecast that 95 per cent of new digital workloads will be deployed on cloud native platforms by 2025, there is little doubt that bad actors will increasingly look to exploit vulnerabilities within Kubernetes environments.
For IT teams, application security is fast becoming a major worry and many technologists are having to work long hours under intense pressure to protect their applications from constantly evolving risks. IT departments urgently need to find a more sustainable approach to manage this heightened level of threat and that means embracing new security approaches and tools.
Expanded attack surfaces require IT teams to re-think application security
With application components increasingly dispersed across multiple entities, attack surfaces are dramatically expanding. Whether it’s greater deployment of Internet of Things (IoT) and connected devices or new hybrid working models, technologists are grappling with an ever more fragmented and complex security landscape. The sheer volume of applications distributed across microservice-based application architectures has posed a significant challenge in monitoring security across the DevOps pipeline.
Many IT teams are suffering from visibility gaps across their Kubernetes environments which make it incredibly difficult to identify and address vulnerabilities.
The move to cloud native technologies has exposed the shortcomings of traditional vulnerability scanning solutions. According to two-thirds of technologists, their existing security solutions perform effectively when isolated, but they struggle to integrate them cohesively.
This results in a lack of comprehensive visibility into how vulnerabilities might affect essential application components and an inability to prioritize issues based on their impact on the business.
The shift to modern applications has also highlighted the lack of collaboration between development, operations and security teams, often resulting in security being overlooked until the final stages of the production pipeline.
Technologists need business risk observability to manage application security
In all industries, there is an acknowledgement that organizations require novel approaches and solutions to effectively handle application security. This process is essential not only to prevent potentially devastating security breaches, but also to establish a more sustainable framework to foster innovation. IT teams need to come together to effectively tackle security within Kubernetes environments and reap the full benefits of modern application stacks moving forward.
In order to achieve this, organizations need expanded visibility into cloud native environments, and they need business context on their security intelligence.
Business risk observability enables IT teams to locate and isolate security issues across application entities – whether that’s business transactions, services, workloads, pods, or containers. Having the ability to correlate security issues across application entities allows technologists to reduce metrics such as mean time to detect (MTTD). IT teams also need to be able to group and filter vulnerabilities based on entities in order to view a prioritized list of the vulnerabilities that could affect a core area of the application.
However, on its own, this level of unified visibility isn’t enough. Technologists still need a way to cut through the crippling data noise to focus their attention on the issues that matter most.
Business risk observability integrates security intelligence with application performance data, empowering IT teams to evaluate and prioritize risks and address security issues based on their potential business consequences. A business risk score identifies high-risk business transactions, for example by highlighting the sensitivity of customer data tied to a particular transaction. This insight empowers security teams, often facing overwhelming demands, to adopt a proactive and strategic approach guided by real-time business insights.
Crucially, business risk observability offers a platform for greater collaboration within the IT department. With application and security teams united around a unified platform for comprehensive data on application availability, performance, and security, organizations can seamlessly integrate security into the application lifecycle from the outset, rather than treating it as an afterthought. This proactive approach is crucial considering the evolving threats every business faces.
As IT teams accelerate the development and deployment of secure modern applications, there is growing recognition that business risk observability is now vital.
As many as 93 per cent of technologists believe that it’s now important to be able to contextualize security and prioritize vulnerability fixes based on potential business impact. IT leaders need to implement the right tools and processes to accelerate this transition. Get it right and they can mitigate risk for their organization, while also creating a platform for accelerated and sustainable innovation in the future. Get it wrong, and they risk compromising their organization’s security, financial stability, and reputation in the face of evolving cyber threats.