New research shows that hundreds of organizations are deploying software containers in the public cloud without securing them first.
Software containers, which let developers build an application once and run it in any computing environment, provide benefits such as agility, scaling and rapid response to continuous change. But the scaling of containers in production environments is exposing these apps to new security risks, according to a new study by Lacework Inc., which provides automated security services for Amazon Web Services Inc.’s public cloud platform.
The cloud security firm said it had seen an explosion in the use of container orchestration and application programming interface tools that could serve as “attack points.”
Altogether, the company said, it has found more than 21,000 container and API tools with potential vulnerabilities. The tools, hosted on public cloud platforms such as AWS, Google Cloud Platform and OVH — a French cloud services provider — include de facto standards such as Kubernetes and Docker Swarm. Most of the vulnerabilities stem from poorly configured resources, a lack of user credentials and insecure protocols, it said.
Lacework said the findings of its study highlight the need for better “security guardrails” in addition to regular container isolation techniques.
The vulnerabilities included more than 300 container management clusters being hosted in the open with no authentication in place, providing “virtually complete access” to anyone who cared, Lacework said. No authentication means that the cluster’s administrative dashboards can be accessed by anyone without using any security credentials. Lacework also found numerous instances where it was possible to perform remote code execution via APIs.
The company said that hackers could exploit these container vulnerabilities to gain access to servers, privileged accounts and administrative passwords.
“We noticed an alarming number of systems with no authentication whatsoever,” Lacework reported. “Some were clearly in the midst of being set up, but some were in full production. In cases where full access was available, one can perform operations like add and deploy their own applications, delete infrastructure, change credentials and potentially exfiltrate data.”
By leaving these interfaces exposed, organizations face a “huge potential for risk to their data and cloud infrastructure,” Lacework said.
The security firm said its findings highlight the need for information technology administrators to determine what is an acceptable level of external visibility into their container deployments, in addition to the need for stricter access controls.
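As an added illustration of the "no authentication" and "insecure protocol" misconfigurations the report describes (this is not code from the report or from Lacework), the following Python function audits a kube-apiserver command line for flags that leave the cluster API open. The flag names are real kube-apiserver options; the two argument lists are constructed samples.

```python
"""Audit kube-apiserver launch flags for the misconfigurations the
article describes: anonymous access, a plaintext unauthenticated port,
and authorization switched off.

Added example, not Lacework's tooling. Sample argument lists are constructed.
"""


def parse_flags(args):
    """Turn ['--foo=bar', '--baz'] into {'--foo': 'bar', '--baz': ''}."""
    flags = {}
    for arg in args:
        if not arg.startswith("--"):
            continue  # skip the binary name and positional args
        name, _, value = arg.partition("=")
        flags[name] = value
    return flags


def audit_apiserver(args):
    """Return a list of findings (strings); an empty list means no issue found."""
    flags = parse_flags(args)
    findings = []
    # kube-apiserver defaults --anonymous-auth to true, so an absent flag counts as enabled.
    if flags.get("--anonymous-auth", "true").lower() != "false":
        findings.append("anonymous requests accepted (--anonymous-auth not false)")
    # The legacy insecure port serves the API over plain HTTP with no authentication.
    if flags.get("--insecure-port", "0") != "0":
        findings.append("plaintext unauthenticated API port enabled (--insecure-port)")
    # The documented default authorization mode is AlwaysAllow, i.e. no authorization.
    modes = flags.get("--authorization-mode", "AlwaysAllow").split(",")
    if "AlwaysAllow" in modes:
        findings.append("authorization disabled (--authorization-mode includes AlwaysAllow)")
    return findings


# Constructed samples: one exposed server and one hardened server.
EXPOSED = ["kube-apiserver", "--insecure-port=8080", "--authorization-mode=AlwaysAllow"]
HARDENED = ["kube-apiserver", "--anonymous-auth=false", "--insecure-port=0",
            "--authorization-mode=Node,RBAC", "--client-ca-file=/etc/k8s/ca.crt"]

if __name__ == "__main__":
    for label, argv in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(label, audit_apiserver(argv) or ["ok"])
```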