Mirantis announced the k0rdent Application Catalog – with 19 validated infrastructure and software integrations that empower platform engineers to accelerate the delivery of cloud-native and AI workloads wherever the\y need to be deployed.
Companies Are Prioritizing Convenience and Speed Over Cloud Security Best Practices
February 15, 2024
"Attackers are leveraging automation to exploit every point of weakness they can uncover," said Crystal Morin, Cybersecurity Strategist at Sysdig, referencing the company's new 2024 Cloud-Native Security and Usage Report. "This year's report shows that many companies are chasing faster innovation at the cost of more comprehensive security — a gamble that poses real business risks."
Report highlights include:
69% of enterprises have yet to embed AI into cloud environments
While 31% of companies have integrated AI frameworks and packages, only 15% of these integrations are used for generative AI tools such as large language models (LLMs). Considering the risk acceptance described in this year's report, organizations are ignoring security best practices, yet they are cautious when it comes to implementing AI into their enterprise environments.
91% of runtime scans fail
In shift-left security, organizations scan early and often during the development phase, recognizing failed builds, correcting the code, and then redeploying. The goal is to catch issues before delivery, and before they become exploitable conditions for attackers. However, with 91% of runtime scans failing, teams appear to be relying more on threat detection than prevention.
Only 2% of granted permissions are being used
Identity management — for both humans and machines — has become the most overlooked cloud attack risk and opportunity for companies to improve their security posture, especially in light of well-known 2023 attacks that took advantage of overly permissive identities. In last year's report, Sysdig saw 90% of permissions going unused, showing that this trend has worsened year over year.
Shorter container lifespans are not stopping attackers
The homogenous nature of cloud environments and attackers' usage of automation for discovery and reconnaissance gives them a near-instant understanding of cloud environments and their opportunities to move laterally. Running vulnerable workloads, no matter how short-lived, leaves organizations at risk for attacks.
"Though I am unsurprised by the apprehension around the security of new technologies like AI, I am disheartened by the massive number of excessive permissions being administered, especially for machine identities. It feels a bit like obsessing over a plane crash while regularly running stop signs with no seatbelt on," said Anna Belak, Director, Office of Cybersecurity Strategy at Sysdig.
Industry News
March 27, 2025
webAI and MacStadium(link is external) announced a strategic partnership that will revolutionize the deployment of large-scale artificial intelligence models using Apple's cutting-edge silicon technology.
March 27, 2025
Development work on the Linux kernel — the core software that underpins the open source Linux operating system — has a new infrastructure partner in Akamai. The company's cloud computing service and content delivery network (CDN) will support kernel.org, the main distribution system for Linux kernel source code and the primary coordination vehicle for its global developer network.
March 27, 2025
Komodor announced a new approach to full-cycle drift management for Kubernetes, with new capabilities to automate the detection, investigation, and remediation of configuration drift—the gradual divergence of Kubernetes clusters from their intended state—helping organizations enforce consistency across large-scale, multi-cluster environments.
March 26, 2025
Red Hat announced the latest updates to Red Hat AI, its portfolio of products and services designed to help accelerate the development and deployment of AI solutions across the hybrid cloud.
March 26, 2025
CloudCasa by Catalogic announced the availability of the latest version of its CloudCasa software.
March 26, 2025
BrowserStack announced the launch of Private Devices, expanding its enterprise portfolio to address the specialized testing needs of organizations with stringent security requirements.
March 25, 2025
Chainguard announced Chainguard Libraries, a catalog of guarded language libraries for Java built securely from source on SLSA L2 infrastructure.
March 25, 2025
Cloudelligent attained Amazon Web Services (AWS) DevOps Competency status.
March 25, 2025
Platform9 formally launched the Platform9 Partner Program.
March 24, 2025
Cosmonic announced the launch of Cosmonic Control, a control plane for managing distributed applications across any cloud, any Kubernetes, any edge, or on premise and self-hosted deployment.
March 20, 2025
Oracle announced the general availability of Oracle Exadata Database Service on Exascale Infrastructure on Oracle Database@Azure(link sends e-mail).
March 20, 2025
Perforce Software announced its acquisition of Snowtrack.
March 19, 2025
Mirantis and Gcore announced an agreement to facilitate the deployment of artificial intelligence (AI) workloads.
March 19, 2025
Amplitude announced the rollout of Session Replay Everywhere.
