IT pros worry about Kubernetes security
A new survey of 800 security and IT leaders from large organizations shows 76 percent of security and IT pros believe we are heading towards a cloud reckoning in terms of costs and security.
The study from Venafi finds that 84 percent believe Kubernetes will soon be the main platform used to develop all applications. But, three-quarters worry that the speed and complexity of Kubernetes and containers is creating new security blind spots.
In addition 59 percent of respondents who have completed a cloud migration admit they didn't understand the security risks when doing so. While most respondents (87 percent) have started to move legacy apps to the cloud, over half of those that have done so failed to refactor them using cloud native technologies.
Among other findings, 90 percent of security and IT pros think security teams need to increase their understanding of cloud native environments to ensure applications are secure. This is particularly urgent given that 85 percent confirmed that security teams set the strategy for managing security risk and governance across cloud native.
"Cloud native is the way of the future, enabling highly scalable, flexible and resilient applications that can deliver a competitive edge -- in a few years, almost everything will be running on cloud native architecture," says Matt Barker, global head of cloud native services at Venafi. "But amid the rush to transition to these modern environments, many organisations are underestimating the work needed to deliver efficiency and security. As organisations continue to move more critical workloads into cloud native environments, they need to ensure they close these gaps, or we will see even more breaches and outages."
One of the key challenges highlighted by the research is the issue of responsibility and control. 85 percent of respondents agree that continuous security validation to the CI/CD pipeline is vital to reducing the risk of vulnerabilities going undetected during the software development lifecycle. But while security teams still control the overall strategy for cloud native security, the implementation of those controls within cloud native environments more often rests with development and platform teams -- despite the fact that 74 percent of respondents note that developers are challenged with several conflicting priorities, meaning security is not always front of mind.
The research also suggests that development teams are not always being given, or obtaining, the right tools to work fast and secure. 68 percent of respondents think that while DevOps is a great idea, it isn't working in practice because security is still a speed bump. Also over half lack the ability to automate security, leading to difficulties in managing security across multiple clusters. While 88 percent believe machine identities are essential to the success of zero trust, 73 percent say it's hard to meet developer-driven machine identity management requirements for cloud native workloads in an easy and secure way.
You can get the full report from the Venafi site.
Image credit: NataliMis/depositphotos.com