Three essentials for IT teams to manage heightened security threats within modern applications
November 2023 by Joe Byrne, CTO Advisor, Cisco AppDynamics
Across all sectors, IT teams are ramping up their use of cloud native technologies to increase application release velocity. Applications are now the front door for almost all businesses, and brands need to deliver ever more seamless and intuitive digital experiences in order to succeed.
However, the shift to modern, distributed applications is leaving many organizations vulnerable to security breaches. Attack surfaces are expanding dramatically as application entities are spread across microservice-based architectures, leaving technologists with visibility gaps within their Kubernetes environments. IT teams are recognizing the limitations of siloed vulnerability scanning solutions as monitoring security throughout the DevOps pipeline becomes increasingly challenging.
Indeed, a recent study from Red Hat found that the security of containers and Kubernetes has become a top concern for DevOps, engineering and security professionals. And worryingly, Aqua Security recently reported that Kubernetes clusters associated with more than 350 organizations, open-source projects and individuals are openly accessible and unprotected - and more than half of these have already been the target of an active crypto-mining campaign.
What we’re seeing now is a massive explosion of security events within Kubernetes environments. Bad actors are identifying vulnerabilities and looking to exploit them with ever more frequent and sophisticated attacks. In fact, as many as 93% of businesses have experienced at least one security incident in their Kubernetes environments in the last 12 months — and 31% have experienced financial or customer loss as a result.
Three critical factors in securing cloud native applications
Evidently, organizations need to take urgent action to get to grips with this heightened risk and ensure they don’t suffer a security breach that damages reputation and revenue. IT teams need to be able to rapidly locate, assess and prioritize risk and remediate security issues based on potential business impact. And this means new tools, processes and ways of working within the IT department.
In particular, organizations should be focusing on three key priorities to ensure secure development and deployments of modern applications:
1. Correlate security issues across application entities to quickly isolate them
IT teams need to be able to correlate security issues across application entities (including business transactions, services, workloads, pods and containers) to quickly isolate issues and rapidly apply fixes to reduce mean time to remediation.
Technologists need a solution which provides expanded visibility into cloud native environments. This means getting both a comprehensive overview of their application security issues and granular detail of where and how a vulnerability impacts critical areas of their application. IT teams should also be looking for a solution which allows them to group and filter vulnerabilities based on entities to view a prioritized list of vulnerabilities that affect a core area.
2. Prioritize issues through business context and business risk scoring
IT teams are being bombarded with massive volumes of alerts from across their modern application environments and therefore it can be incredibly difficult to know which issues pose the biggest threat to customers and the business.
This is why it’s essential for IT teams to get business context on their security findings in order to prioritize risk and remediate issues based on potential business impact. They need to be able to immediately analyze the importance of a business transaction and understand the sensitivity of data associated with it.
A business risk score, combining application and business impact context with vulnerability detection and security intelligence, can help IT teams understand the potential impact of each vulnerability and the criticality of each threat.
3. Remediation guidance to accelerate responses
Finally, IT teams need to look for a solution which provides prioritized and real-time remediation guidance for runtime container vulnerabilities.
Within modern, dynamic environments, a Common Vulnerability Scoring System (CVSS) score is not enough to prioritize vulnerabilities, because it is static and does not measure risk or how predictable exploitation is. IT teams should also be looking for vulnerability context and intelligence, so they can accelerate mitigation of security issues.
This type of business risk observability is now vital to bring applications and security teams together and embed security into the application lifecycle from day one. Rather than being stuck on the back foot, constantly in firefighting mode, IT teams can take a more collaborative and strategic approach to the secure development and deployment of cloud native applications.
The shift to business risk observability
Over the next two years, we will see a major shift towards business risk observability, with organizations bringing together application data and security intelligence to take a more strategic approach to application security. Indeed, recent Cisco research found that 93% of technologists believe that it’s now important to be able to contextualize security and to prioritize vulnerability fixes based on potential business impact.
Organizations in all industries need to act now to provide their IT teams with the right tools and insights to counter the soaring levels of risk they’re encountering within their modern applications. With expanded visibility and intelligent business risk insights across cloud native environments, IT teams can prioritize and respond in real-time to potentially damaging security threats and reduce overall organizational risk profiles. And crucially, this means that they can keep their digital transformation programs on track and deliver the seamless digital experiences that customers now demand.