Preview Mode Links will not work in preview mode

Cloud Security Podcast by Google


Feb 28, 2022

Guest: 

  • Anna Belak,  Director of Thought Leadership @ Sysdig

Topics:

  • One model for container security is “Infrastructure security  | build security | runtime security” -  which is most important to get right? Which is hardest to get right? 
  • How are you helping users get their infrastructure security right, and what do they get wrong most often here?
  • Your report states that “3⁄4 of running containers have at least one "high" or "critical" vulnerability“ and it  sounds like pre-cloud IT, but this is about containers?  This was very true  before cloud, why is this still true in cloud native?  Aren’t containers easy to “patch” and redeploy? 
  • You say  “Whether the container images originate from private or public registries, it is critical to scan them and identify known vulnerabilities prior to deploying into production.“ but then 75% have critical vulns? Is the problem that 75% of containers go unscanned, or that users just don’t fix things? 
  •  “52% of all images are scanned in runtime, and 42% are initially scanned in the CI/CD pipeline.“ - isn’t pipeline and repo scanning easier and cheaper? Why isn’t this 90/10 but 40/50?
  •  “62% detect shells in containers” sounds (to Anton) that “62% zoos have a dragon in them” i.e. kinda surreal. What’s the real story?
  • Containers are at the forefront of cloud native computing yet your report seems to show a lot of pre-cloud practices? Are containers just VMs and VMs just servers? 

Resources: