Most organizations have a DevSecOps initiative and accountability for container safety continues to evolve and stays decentralized. These are two of the findings from our newest report on the state of container and Kubernetes safety (Obtain your copy at the moment). We’re kicking off the fourth version of our State of Kubernetes and Container Safety Report (Fall 2020 version) by analyzing how firms are adopting containers, Kubernetes, and cloud-native applied sciences whereas assembly the challenges of securing their very important Kubernetes purposes. Primarily based on responses from greater than 400 Kubernetes and container customers throughout IT safety, DevOps, engineering, and product roles, the findings on this report function a benchmark for organizations when navigating their cloud-native safety use instances and priorities.
Of all of the survey responses, the next 5 findings stand out particularly.
1) 83% of organizations have a DevSecOps initiative
Whereas Safety as code, the holy grail of Kubernetes safety, stays out of attain for almost all of organizations, DevSecOps is not only a buzzword. Our survey discovered that solely 17% of respondents proceed to function DevOps separate from safety. Much more promising is the truth that 43% of respondents have both built-in safety throughout your complete container life cycle or have taken it one step additional by imposing safety insurance policies as code.
Obtain the complete report
Obtain this report back to study extra in regards to the newest in container and Kubernetes adoption and safety traits
Obtain In the present day
2) 29% of respondents take into account the Safety crew to be accountable for Kubernetes safety, adopted by DevOps at 23%
Throughout varied IT roles, Safety is the one position most cited as accountable for securing containers and Kubernetes. However taken collectively, the myriad operational roles of DevOps, Ops, and DevSecOps beat out safety, at 61%. Containers and Kubernetes adoption is primarily pushed by DevOps, so it’s not shocking to see respondents naming them as accountable for securing this new expertise. To bridge these gaps, container and Kubernetes safety tooling should facilitate shut collaboration amongst completely different groups – from Safety to DevOps to Ops to Builders – as a substitute of perpetuating the silos that usually plague organizations.
3) 90% of respondents have skilled a safety incident in Kubernetes environments
A staggering 90% of survey respondents have skilled a safety incident of their Kubernetes and container environments over the past 12 months.
Human error is probably the most typically cited trigger of information breaches and hacks, and containers and Kubernetes have a whole lot of knobs and dials, rising the possibilities of human error. Getting all of the configurations appropriate is commonly very difficult, even for seasoned builders. Not surprisingly, 67% of respondents have skilled a misconfiguration incident of their environments over the past 12 months. Nearly 1 / 4 reported detecting a significant vulnerability, 17% skilled a safety incident throughout runtime, and 16% have failed a compliance audit.
4) AWS Outposts, Microsoft Azure Arc, and Purple Hat OpenShift are neck and neck for hybrid deployments
As we’ve seen hybrid deployments stay fashionable, we needed to know how organizations had been deploying in hybrid mode. The recognition of applied sciences from the general public cloud suppliers follows the same arc of total platform reputation, with one obtrusive distinction: Amazon’s managed Kubernetes service (EKS) enjoys a 50% benefit in use over its subsequent nearest competitor in our survey findings, Azure (AKS), however Amazon Outposts and Azure Arc are deployed at practically equal ranges.
Amazon, given its dominance within the cloud, took longer to help a hybrid strategy, and buyer anecdotes point out its pricing generally causes sticker shock. Google Anthos, deployed at about half the speed of both AWS’ or Azure’s hybrid providing, has not loved sturdy market progress.
5) Practically half of organizations have delayed deploying apps into manufacturing attributable to safety issues
Sooner software growth and launch, faster bug fixes, and elevated characteristic velocity are three of probably the most typically cited advantages of containerization. Nevertheless, when safety turns into an afterthought, you danger diminishing the best achieve of containerization – agility. Simply as we present in our research eight months in the past, practically half of the respondents (44%) have needed to delay an software rollout due to safety issues.
Implications for container and Kubernetes safety
The findings on this survey reinforce the necessity to shift safety left and embed it into DevOps workflows earlier within the container life cycle. In any other case you might be placing in danger the core good thing about sooner software growth and launch by treating safety as an afterthought. With practically half of our respondents delaying manufacturing rollouts due to safety issues, clearly an absence of safety is inhibiting enterprise acceleration and innovation. Obtain the complete report to achieve additional insights into the state of Kubernetes and container adoption and safety.