Anna Belak, Director of Thought Leadership @
One model for container security is “Infrastructure security | build security | runtime security” - which is most important to get right? Which is hardest to
How are you helping users get their infrastructure security right, and what do they get wrong most
Your report states that “3/4 of running containers have at least one "high" or "critical" vulnerability” and it sounds like pre-cloud IT, but this is about containers? This was very true before cloud, why is this still true in cloud native? Aren’t containers easy to “patch” and redeploy?
You say “Whether the container images originate from private or public registries, it is critical to scan them and identify known vulnerabilities prior to deploying into production.” but then 75% have critical vulns? Is the problem that 75% of containers go unscanned, or that users just don’t fix
“52% of all images are scanned in runtime, and 42% are initially scanned in the CI/CD pipeline.” - isn’t pipeline and repo scanning easier and cheaper? Why isn’t this 90/10 but 40/50?
“62% detect shells in containers” sounds (to Anton) like “62% of zoos have a dragon in them”, i.e. kinda surreal. What’s the real story?
Containers are at the forefront of cloud native computing yet your report seems to show a lot of pre-cloud practices? Are containers just VMs and VMs just
Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure.
We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit.
We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.