Advanced Computing in the Age of AI | Sunday, July 3, 2022

Kubernetes Adopters Ramp DevSecOps 

via Shutterstock

The faster Kubernetes deployments are scaled, the bigger a target they become for hackers probing for security vulnerabilities.

With security incidents rising sharply, Kubernetes-native container security platform vendor StackRox reports that 44 percent of respondents to a recent poll are delaying Kubernetes deployments. That pause has allowed time to launch DevSecOps initiatives for securing application containers and cluster orchestrator defenses before workloads shift to production.

The latest Kubernetes enterprise adoption survey underscores the reality that microservices vendors put the horse before the cart, largely failing to consider security threats as they raced to release Kubernetes distributions. In response, 83 percent of early adopters have initiated DevSecOps initiatives to plug security holes.

The survey results are good news for Kubernetes security vendors like StackRox. “These findings show how seriously organizations are taking the need to secure their cloud-native stack,” said CEO Kamal Shah.

A spike in security incidents include, in order of frequency, misconfigurations, a general “major vulnerabilities” category, runtime incidents and failed security audits, StackRox reported on Wednesday (Sept. 23).

Despite the concerted push by cloud vendors offering managed Kubernetes services, half of adopters surveyed by StackRox are using running and managing their own open source versions. The most popular managed versions are Amazon Elastic Kubernetes Service, Microsoft Azure Kubernetes Service and Google Kubernetes Engine (GKE), in that order.

The survey found that Amazon Elastic Cloud Service remains the only “non-Kubernetes orchestrator,” among the top five, and “continues to lose market share at a rapid pace.”

Meanwhile, Google and chip partner AMD announced a “confidential computing” effort earlier this month designed to secure workloads running on Kubernetes clusters via GKE. The secured Kubernetes nodes are based on AMD’s latest EPYC processor that incorporates hardware-based encryption in its Zen 2 Core architecture.

Those managed services address growing concerns about container and Kubernetes security. The StackRox survey found that fully two-thirds of respondents identified security and compliance as their top concern. Security and compliance concerns will likely grow as data volumes soar, especially customer data, and security threats evolve.

In response, early Kubernetes adopters are keeping critical data in-house. The survey also found that 44 percent of respondents are running containers both on-premises and in the cloud. Forty-one percent went all-in with cloud-based container deployments.

Supporting those hybrid and cloud deployments are AWS Outpost, Azure Arc, IBM/Red Hat OpenShift and Google Anthos, in that order.

StackRox, Mountain View, Calif., said it surveyed more than 400 Kubernetes adopters, including IT operators, application developers along with security and compliance specialists.

The Kubernetes survey is here.

About the author: George Leopold

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).

Add a Comment