The Year Ahead for Kubernetes and Container Security
Source: securityboulevard.com
A new study conducted among the DevSecOps community shows that Kubernetes use is rapidly growing within the enterprise, and not just within test or development environments. As organizations try to catch their breath with the rapid adoption rate, the security community is scrambling to adapt to containers and cloud native architectures as the new normal.
The Alcide Kubernetes survey queried 200 professionals from development, operations, security, and cloud architect teams. It found that 45% of companies are now running Kubernetes in production, with some 37% of organizations using hybrid or multi-cloud environments for their K8s clusters. The study showed that Kubernetes use in production rose by 120% in the last year.
The most common driver of adoption was the implementation of microservices, which was cited by 60% of respondents. Approximately 53% said the need to improve innovation velocity and time to market was a major driver, and 44% cited application scaling.
This is among many signs that Kubernetes will continue to evolve as "the 'Linux of the cloud,'" says Ben Newton of Sumo Logic, who believes that in 2019 it became clear that Kubernetes won the cloud orchestration war.
"Today, all the major cloud providers - Amazon, Google and Microsoft - all offer a managed Kubernetes service," says Newton. "As multi-cloud adoption continues to accelerate, it's been highly correlated with higher Kubernetes adoption. Kubernetes will continue to remain an orchestration tool of choice as it offers broad multi-cloud support and can be leveraged by many organizations to run applications across on-prem and cloud environments."
In spite of this market-determined standardization on Kubernetes, many security teams still remain behind the eight-ball with regard to securing K8s clusters. Alcide explained in its report that a study of 5,000 Kubernetes deployments last year found that 89% of them encoded sensitive information like passwords in plain text when the applications should have been using Kubernetes Secrets. What's more, the study's data showed that over 75% of the scanned deployments used workloads that mounted high-vulnerability host file systems such as /proc, while none of the surveyed environments exhibited any kind of segmentation using Kubernetes' network policies.
"These findings confirmed the increasing complexity of multi-cluster Kubernetes environments and the prevailing lack of connectivity with DevOps workflows complicating efforts by SecOps teams to keep pace with Kubernetes vulnerabilities and best practices," the report explained.
Many Kubernetes users have at least an inkling of the security weaknesses they must tackle soon. Around half of teams admitted in the survey that they're not confident their K8s deployments are secure, and 67% anticipate that they'll need to increase the use of Kubernetes-specific security tooling in 2020.
According to some, the big level-up to come will be in the increased manifestation of security "policy as code," coupled with automated container security controls, some of them native and some through third-party tooling.
"Kubernetes ConfigMaps and Custom Resource Definitions (CRDs) are making it possible for configurations and rules to be automated right into the CI/CD and DevOps pipeline," says Glen Kosaka, vice president of product for NeuVector. "Because of this, DevOps teams in 2020 will be much better equipped to analyze application behavior and set security policies for any and all workload deployments via YAML files. Expect this evolution of more efficient and automated security integration processes to be a particularly welcome change for DevOps next year."
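As an added illustration of "policy as code" (not code from Alcide, NeuVector or the original article), the three findings from the deployment study above can be written as one automated check that a pipeline runs over cluster manifests. The sensitive-name pattern, the host path list and the namespace-level network policy test are assumptions chosen for this example, and the input is constructed sample data in the JSON shape that `kubectl get ... -o json` returns.

```python
import json
import re
# Heuristics below are assumptions for this example, not rules from the Alcide report.
SENSITIVE_NAME = re.compile(r"passw(or)?d|secret|token|api[_-]?key", re.I)
RISKY_HOST_PATHS = ("/proc", "/sys", "/etc", "/var/run/docker.sock")

def audit(items):
    """Return sorted (namespace, workload, finding) tuples for Kubernetes objects."""
    findings = set()
    # Coarse check: namespaces that have at least one NetworkPolicy object.
    segmented = {o["metadata"].get("namespace", "default")
                 for o in items if o["kind"] == "NetworkPolicy"}
    for obj in items:
        if obj["kind"] != "Deployment":
            continue
        ns = obj["metadata"].get("namespace", "default")
        name = obj["metadata"]["name"]
        pod = obj["spec"]["template"]["spec"]
        for c in pod.get("containers", []) + pod.get("initContainers", []):
            for env in c.get("env", []):
                # A literal `value` lives in the manifest; `valueFrom.secretKeyRef` does not.
                if SENSITIVE_NAME.search(env["name"]) and env.get("value"):
                    findings.add((ns, name, "plaintext-env:" + env["name"]))
        for vol in pod.get("volumes", []):
            if "hostPath" not in vol:
                continue
            path = vol["hostPath"].get("path", "").rstrip("/") or "/"
            if path == "/" or any(path == p or path.startswith(p + "/")
                                  for p in RISKY_HOST_PATHS):
                findings.add((ns, name, "host-mount:" + path))
        if ns not in segmented:
            findings.add((ns, name, "no-networkpolicy"))
    return sorted(findings)

# Constructed sample in the shape of `kubectl get deployments,networkpolicies -A -o json`.
SAMPLE = json.loads("""{"items": [
 {"kind": "Deployment", "metadata": {"name": "web", "namespace": "shop"},
  "spec": {"template": {"spec": {
   "containers": [{"name": "app", "env": [
     {"name": "DB_PASSWORD", "value": "example-only"},
     {"name": "API_TOKEN", "valueFrom": {"secretKeyRef": {"name": "api", "key": "token"}}}]}],
   "volumes": [{"name": "host-proc", "hostPath": {"path": "/proc"}}]}}}},
 {"kind": "Deployment", "metadata": {"name": "api", "namespace": "pay"},
  "spec": {"template": {"spec": {"containers": [{"name": "app"}]}}}},
 {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "pay"},
  "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}]}""")

if __name__ == "__main__":
    print(*audit(SAMPLE["items"]), sep="\n")
```

A non-empty result can fail the pipeline stage, which keeps the rule set in version control next to the manifests it governs.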
Automation and managed options are going to be crucial for Kubernetes and cloud-native security in 2020, as the already latent IT security skills shortage is exacerbated by the relative newness of these technologies. Just boning up on Kubernetes management knowledge is straining many organizations. The Alcide study showed that 44% of users admit that Kubernetes is still "somewhat of a black box" to them. As such, organizations will be looking for any shortcut they can find to catch up on Kubernetes security and management.
"The IT skills shortage will continue to plague the market, especially for new technologies such as Kubernetes, and (in) what is by now a chronic shortage in skilled IT security professionals," says Rani Osnat, vice president of strategy for Aqua Security. "It will drive organizations to seek solutions that provide a high degree of automation, with 'zero-configuration' out-of-the-box capabilities that provide value immediately, and don't require a lot of integration work or management overhead."