Joe Byrne, CTO Advisor, Cisco AppDynamics, highlights the importance of securing the development and deployment of modern applications and suggests three critical steps to secure cloud-native applications and mitigate business risk.
For the modern enterprise, cloud-native applications have become the answer to innovating at pace. But for all their benefits, these modern, distributed applications do have a downside — they dramatically increase the attack surface area, leaving many organizations more vulnerable than ever to security breaches. IT teams are only just waking up to this new reality and recognizing the limitations of siloed vulnerability scanning solutions as monitoring security throughout the DevOps pipeline becomes increasingly challenging.
A recent study from Red Hat showed just how much of a concern the security of containers and Kubernetes has become for DevOps, engineering and security professionals. And worryingly, Aqua Security recently reported that Kubernetes clusters associated with more than 350 organizations, open-source projects and individuals are openly accessible and unprotected — and more than half of these have already been the target of an active crypto-mining campaign.
What we’re witnessing now is a massive explosion of security events within Kubernetes environments. Attackers are identifying vulnerabilities and looking to exploit them with ever more frequent and sophisticated attacks. In fact, as many as 93% of businesses have experienced at least one security incident in their Kubernetes environments in the last 12 months — and 31% have experienced financial or customer loss as a result.
Securing cloud native applications in three critical steps
With reputation and revenues at risk, organizations need to take urgent action to get to grips with the heightened risk of breaches. IT teams need to be able to rapidly locate, assess and prioritize risk and remediate security issues based on potential business impact. This will call for new tools, processes and ways of working within the IT department.
As it is easy to get overwhelmed, organizations should start by focusing on three key priorities to ensure secure development and deployments of modern applications:
1. Correlate security issues across application entities to quickly isolate them
In order to quickly isolate issues and rapidly apply fixes to reduce mean time to remediation, IT teams need to be able to correlate security issues across application entities. This must include business transactions, services, workloads, pods and containers.
To achieve this, technologists need a solution which provides expanded visibility into cloud native environments. This means getting both a comprehensive overview of their application security issues and granular detail of where and how a vulnerability impacts critical areas of their application. IT teams should also favor a solution which allows them to group and filter vulnerabilities based on entities to view a prioritized list of vulnerabilities that affect a core area.
2. Prioritize issues through business context and business risk scoring
Alert fatigue is becoming all too common for IT teams. Bombarded with massive volumes of alerts from across their modern application environments, it can be incredibly difficult to know which issues pose the biggest threat to customers and the business.
This is why context is key. If they hope to prioritize risk and remediate issues based on potential business impact, IT teams need to get business context on their security findings. They need to be able to immediately analyze the importance of a business transaction and understand the sensitivity of data associated with it.
A business risk score, combining application and business impact context with vulnerability detection and security intelligence, can help IT teams understand the potential impact of each vulnerability and the criticality of each threat.
3. Remediation guidance to accelerate responses
Finally, IT teams need to look for a solution which provides prioritized and real-time remediation guidance for runtime container vulnerabilities.
In the modern enterprise, with its dynamic IT environments, the Common Vulnerability Scoring System (CVSS) is no longer sufficient to prioritize vulnerabilities, because it is static and measures neither risk nor how predictable a vulnerability’s exploitation is. IT teams should also be looking for vulnerability context and intelligence, so they can accelerate mitigation of security issues.
Perhaps most importantly, this form of business risk observability is vital to enabling application and security teams to come together and embed security into the application lifecycle from day one. Then, rather than being stuck on the back foot, constantly in firefighting mode, IT teams can take a more collaborative and strategic approach to the secure development and deployment of cloud native applications.
Business risk observability, a turning point for cybersecurity
The business case for business risk observability is clear, and over the next two years we will see a major shift towards this approach. Recent Cisco research, which found that 93% of technologists believe that it’s now important to be able to contextualize security and to prioritize vulnerability fixes based on potential business impact, is an indication of this.
Across industries, organizations need to provide their IT teams with the right tools and insights to counter the soaring levels of risk they’re encountering within their modern applications. With expanded visibility and intelligent business risk insights across cloud native environments, IT teams can prioritize and respond, in real time, to potentially damaging security threats and reduce overall organizational risk profiles. And crucially, this means that they can keep their digital transformation programs on track and deliver the seamless digital experiences that customers now demand.