Kubernetes, Container Security Woes Evolving
Kubernetes security has emerged as a booming business as deployments enter production and security vendors release a steady stream of user surveys pinpointing specific pain points in production container rollouts.
The latest example comes from StackRox, a security vendor targeting enterprises struggling to lock down their application container and Kubernetes cluster orchestrator deployments. StackRox, which pitches a Kubernetes-native container security platform, said its survey found growing concerns about misconfigurations and runtime risks along with a shift toward “DevSecOps” as container adopters hustle to secure microservices.
StackRox, Mountain View, Calif., estimates a healthy 86 percent of organizations it surveyed are using Kubernetes and container services as enterprises continue to embrace hybrid cloud infrastructure. That figure tracks with earlier vendor surveys that documented the growing popularity of Kubernetes.
In the midst of steady reports of Kubernetes security flaws, vendors such as StackRox and others have been promoting container security platforms to plug gaps. Meanwhile, container pioneers like Docker have been introducing enterprise editions of their platforms that address ongoing Kubernetes security concerns.
The StackRox survey released Tuesday (July 30) found that two-thirds of those polled have more than 10 percent of their applications running in software containers. Still, 40 percent worry about container security as they ramp up hybrid cloud infrastructure investments.
Despite ongoing security concerns, the latest survey confirms earlier estimates of skyrocketing enterprise adoption of Kubernetes. StackRox reported a whopping 51 percent increase in Kubernetes deployments over the last six months.
“Self-managed” was the most popular form (44 percent), followed by Amazon Web Services’ (NASDAQ: AMZN) Elastic Kubernetes Service. Similar managed services from Microsoft Azure (NASDAQ: MSFT), Google (NASDAQ: GOOGL) and IBM (NYSE: IBM) Red Hat OpenShift trailed AWS.
As those hybrid deployments accelerate, new Kubernetes security issues are surfacing. The survey found growing concerns about misconfigurations and accidental exposures, up six percent since the company’s last survey to 60 percent. Forty-three percent identified application runtimes as the most worrisome application life-cycle phase.
“Despite recent discoveries of Kubernetes vulnerabilities, organizations continue to view user-driven misconfigurations and exposed Kubernetes dashboards or metadata as their biggest source of risk,” the survey reported.
In response, two-thirds of organizations polled said they view DevOps and DevSecOps as the first line of defense for container and Kubernetes security. A larger percentage—31 percent—said developer teams should handle container security.
The container security specialist said it polled about 390 IT and security managers for its biannual survey.
Along with Kubernetes security tools, vendors are also offering container orchestration services based on the de facto standard cluster manager. For example, Kazuhm, a container-based distributed computing platform, has added a Kubernetes-as-a-Service to its platform. The KaaS offering is designed to allow DevOps teams to deploy, manage and “tear down” on-premise and cloud-based container clusters on demand.
The San Diego-based company touts its service as providing a better way to manage containers on a project-by-project basis.