A survey of 156 attendees at the recent virtual KubeCon North America 2020 conference suggests the rate at which containers are deployed on Kubernetes clusters is accelerating.
The survey, conducted last November by NeuVector, a container security platform provider, finds 80% of respondents are already managing an active container deployment, with 87% planning new container deployments over the next six to 12 months. Close to 90% of respondents are employing Kubernetes as their container orchestration solution, followed by offerings based on Kubernetes such as Red Hat OpenShift, Rancher and VMware, each employed by less than 20% of respondents.
Slightly more than half of respondents are using Jenkins as their continuous integration/continuous delivery (CI/CD) platform to manage development of containerized applications, with 30% using GitLab.
More than three quarters of respondents (76%) reported that container security is a clear priority at their organization, but responsibility for container security remains divided between cybersecurity (45%), developers (30%) and operations (25%). Just under a third (32%) consider container security to be their organization’s single most important priority.
The survey notes 61% of respondents are using Kubernetes Pod Security and/or Network Security Policies as the foundation for their overall container security strategy. While Layer 7 network blocking is the tactic most often employed (32%), other widely used tactics include Layer 3 and 4 network blocking, network packet capture, container process blocking, file access monitoring and container quarantining. Roughly 55% of respondents also scan for container vulnerabilities.
Kubernetes security, however, more often falls to security teams (60%), so a distinction between who is responsible for securing platforms versus the pipelines that make up a software supply chain may be evolving.
Fei Huang, chief strategy officer for NeuVector, says the survey suggests progress is being made in terms of implementing DevSecOps best practices within IT organizations that have adopted containers, but there is still a significant amount of work left to be done before most organizations bridge the divide that currently exists among security, operations and development teams. In fact, 63% of respondents acknowledge that they will curtail security to maintain high velocity production.
In general, Huang says IT organizations are facing new security challenges. Not only are platforms such as Kubernetes being deployed at the edge in ways that increase the overall attack surface that needs to be defended, but the stack of software being deployed on top of and around Kubernetes is also getting thicker, Huang says. Each software component in a Kubernetes environment needs to be secured, Huang says.
Despite this, the rate at which containers and Kubernetes clusters are being deployed does not appear to be adversely impacted by container security concerns. Less clear is the degree to which that rush to embrace containers and Kubernetes is creating a security bill that will need to be paid down the road. Cybercriminals have, no doubt, noticed the rate at which containers and Kubernetes are being deployed in production environments, but most of those platforms have yet to be put to the test in the real world.