While the popularity of container designs and microservices is accelerating, managing automated and proactive security and compliance is proving to be a particularly difficult task for responders. It is one of the main conclusions that can be drawn from NeuVector’s recently conducted 2021 EU Container Security Survey.
NeuVector, a container security company headquartered in Silicon Valley, polled over 1,200 enterprise DevOps specialists at KubeCon EU 2021. More than 89 percent of respondents said they already had container deployments in place or planned to have them in the next 6-12 months.
Kubernetes, Red Hat OpenShift, and Rancher are the most popular orchestration platforms among respondents. The most popular cloud platforms were AWS EC2, AWS EKS, and AWS Fargate, which came in first, second, and third, respectively.
However, while container and Kubernetes security was identified as a top issue, many respondents also stated that their present security tools and procedures are unsuitable for meeting continuously growing security needs.
The 2021 EU Container Security Survey highlights include:
- Kubernetes runtime security is a growing concern – Almost three-quarters of those polled were concerned about the security of their Kubernetes runtime, including the risk of network attacks, man-in-the-middle attacks, and cryptomining. While 64 percent of respondents claim to have insight into the sensitive data accessible by their Kubernetes installations, Kubernetes hides some of this data behind a layer of abstraction. Many respondents who claim this visibility are in practice likely unaware of Kubernetes API server access, pod-to-pod communication, connection encryption status, and other areas of concern. According to the survey results, many companies are likely less secure than they think: respondents were uncertain about which vulnerability assessment tools and which additional cloud provider or vendor safeguards they have available.
- An over-reliance on built-in Kubernetes security policies is worrisome – To safeguard their Kubernetes deployments, 72% of respondents use Kubernetes Network Policy (KNP) and/or Pod Security Policy (PSP). While these built-in policies provide basic security, they are insufficient to adequately protect businesses from threats. This is particularly true of PSP, which was phased out in June 2021. Organizations need more granular and automated Kubernetes-native security capabilities to provide completely dependable Kubernetes safeguards.
- Organizations using Kubernetes across multiple clouds must address security implications – The majority of respondents (70 percent) either plan to or have already scaled their Kubernetes workloads across different clouds. These multi-cloud deployments make it harder to maintain consistent security across platforms and consistent policies across multiple clusters, compounding an organization's security issues. These businesses need a Kubernetes-native security approach that can deploy automated security while also supporting each cloud and platform in use.
- Compliance tool adoption lags but remains essential – Only 20% of respondents have implemented a compliance solution for their container and Kubernetes systems. Enterprises subject to regulations such as PCI-DSS, SOC-2, GDPR, and others require automated compliance scanning and reporting capabilities in their production settings, and this area in particular is a focus for development.
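The first two findings above come down to two questions a defender can check directly: does every namespace start from a default-deny NetworkPolicy (so pod-to-pod traffic is an explicit allow-list rather than open by default), and has each namespace moved from the retired PodSecurityPolicy to a Pod Security Admission `enforce` label? The following audit script is an added example written for this article, not NeuVector's code or part of the survey. It works on plain dictionaries shaped like Kubernetes `Namespace` and `NetworkPolicy` objects, so it runs offline against the constructed manifests embedded below; the namespace names, labels and policies in the sample data are made up for illustration.

```python
"""Audit Kubernetes namespaces for two baseline controls: a default-deny
NetworkPolicy and a Pod Security Admission (PSA) enforce label.

Added example for illustration; not NeuVector's code. Input objects are
plain dicts shaped like the JSON from `kubectl get namespaces -o json` and
`kubectl get networkpolicies -A -o json` (items only), loaded by the caller.
"""
from typing import Dict, List

# Real PSA label; "baseline" or "restricted" actually constrain pods,
# "privileged" enforces nothing.
PSA_ENFORCE_LABEL = "pod-security.kubernetes.io/enforce"
ACCEPTABLE_PSA_LEVELS = {"baseline", "restricted"}


def is_default_deny(policy: Dict, direction: str = "Ingress") -> bool:
    """True if `policy` selects every pod in its namespace and denies all
    traffic in `direction` ("Ingress" or "Egress").

    Kubernetes semantics: an empty podSelector selects all pods; a direction
    listed in policyTypes with no rules for it denies all traffic that way.
    policyTypes defaults to Ingress, plus Egress only if egress rules exist.
    """
    spec = policy.get("spec", {})
    selector = spec.get("podSelector", {})
    selects_all = not selector.get("matchLabels") and not selector.get("matchExpressions")
    default_types = ["Ingress"] + (["Egress"] if "egress" in spec else [])
    policy_types = spec.get("policyTypes", default_types)
    rules = spec.get(direction.lower())  # None or [] means "deny all"
    return selects_all and direction in policy_types and not rules


def namespaces_without_default_deny(namespaces: List[Dict], policies: List[Dict],
                                    direction: str = "Ingress") -> List[str]:
    """Namespaces with no default-deny policy for `direction`."""
    covered = {p["metadata"]["namespace"] for p in policies if is_default_deny(p, direction)}
    return sorted(ns["metadata"]["name"] for ns in namespaces
                  if ns["metadata"]["name"] not in covered)


def namespaces_without_psa_enforce(namespaces: List[Dict]) -> List[str]:
    """Namespaces whose PSA enforce label is missing or set to privileged."""
    return sorted(ns["metadata"]["name"] for ns in namespaces
                  if ns["metadata"].get("labels", {}).get(PSA_ENFORCE_LABEL)
                  not in ACCEPTABLE_PSA_LEVELS)


def audit(namespaces: List[Dict], policies: List[Dict]) -> Dict[str, List[str]]:
    """Combine the checks into one findings report keyed by finding type."""
    return {
        "no_default_deny_ingress": namespaces_without_default_deny(namespaces, policies, "Ingress"),
        "no_default_deny_egress": namespaces_without_default_deny(namespaces, policies, "Egress"),
        "no_psa_enforce": namespaces_without_psa_enforce(namespaces),
    }


# Constructed sample cluster state (hypothetical namespaces and policies).
SAMPLE_NAMESPACES = [
    {"metadata": {"name": "payments", "labels": {PSA_ENFORCE_LABEL: "restricted"}}},
    {"metadata": {"name": "web", "labels": {}}},
    {"metadata": {"name": "batch", "labels": {PSA_ENFORCE_LABEL: "privileged"}}},
]

SAMPLE_POLICIES = [
    {   # payments: empty podSelector, both directions listed, no rules -> deny all
        "apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
        "metadata": {"name": "default-deny-all", "namespace": "payments"},
        "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]},
    },
    {   # web: an allow rule scoped to one app; it is not a default deny
        "apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
        "metadata": {"name": "allow-lb-to-frontend", "namespace": "web"},
        "spec": {"podSelector": {"matchLabels": {"app": "frontend"}},
                 "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "lb"}}}]}]},
    },
]

if __name__ == "__main__":
    for finding, names in audit(SAMPLE_NAMESPACES, SAMPLE_POLICIES).items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```

On the sample data the script reports `web` and `batch` under all three findings: `web` has an allow rule but no default deny, and `batch` has neither a policy nor a meaningful PSA level. A policy with an empty `podSelector` and `ingress: [{}]` is an allow-all, not a deny, and the check treats it that way; feeding the script real `kubectl -o json` output only requires pulling the `items` lists out of the two responses.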
“Most respondents express concern over the security of their container environments, and especially their Kubernetes deployments in production,” said Glen Kosaka, Vice President of Product Management, NeuVector. “But it’s clear that concern needs to turn into action. Many are likely overestimating the capabilities of their current container security and compliance processes – and as headlines continue to show, container environments are an increasingly inviting target for attacks. We look forward to helping organizations better understand both their true security requirements and the reliable security capabilities available to fully protect their environments. Achieving end-to-end container security and maintaining application development velocity and agility is not an either-or decision that enterprises should have to make.”