Container security and compliance remains a challenge as deployment speeds ahead
A report released today finds that while adoption of container architectures and microservices continues at an impressive pace, maintaining automated and proactive security and compliance is a major challenge.
The study, from container security specialist NeuVector, polled over 1,200 DevOps professionals attending KubeCon EU 2021 and shows over 89 percent have container deployments active, and 88 percent are planning additional deployments in the next six to 12 months.
Kubernetes is the most used orchestration platform among respondents, followed by Red Hat OpenShift and Rancher. AWS takes the top three positions among cloud platforms used, with respondents naming AWS EC2, AWS EKS, and AWS Fargate as the most popular options.
However, nearly three-quarters of respondents have concerns over their Kubernetes runtime security -- including their risk of network attacks, man-in-the-middle attacks, and cryptomining. While 64 percent report having visibility into the sensitive information being accessed from their Kubernetes environments, Kubernetes itself obfuscates some of this information through a layer of abstraction. This means many respondents who claim this visibility probably lack insights into Kubernetes API server access, pod-to-pod communication, the encryption status of connections, and other areas of concern.
There's also confusion over what vulnerability scanning tools and additional cloud provider or vendor protections respondents have available, suggesting many organizations are likely less protected than they might assume.
Compliance is a concern too: just 20 percent of respondents have a compliance tool in place for their container and Kubernetes environments. This area in particular is a target for growth, as enterprises subject to regulations such as PCI-DSS, SOC-2, GDPR and others require automated compliance scanning and reporting capabilities in their production environments.
"Most respondents express concern over the security of their container environments, and especially their Kubernetes deployments in production," says Glen Kosaka, VP of product management at NeuVector. "But it's clear that concern needs to turn into action. Many are likely overestimating the capabilities of their current container security and compliance processes – and as headlines continue to show, container environments are an increasingly inviting target for attacks. We look forward to helping organizations better understand both their true security requirements and the reliable security capabilities available to fully protect their environments. Achieving end-to-end container security and maintaining application development velocity and agility is not an either-or decision that enterprises should have to make."
The full survey is available from the NeuVector site.