StackRox 2020 Predictions: As Kubernetes Matures, Security Evolves into Safety

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Ali Golshan, CTO and co-founder, StackRox

As Kubernetes Matures, Security Evolves into Safety

2019 was a landmark year for Kubernetes. According to the results of StackRox's 2019 State of Container and Kubernetes Security Survey, widespread adoption of Kubernetes continued to accelerate, growing more than 50 percent in merely six months. This year the Cloud Native Computing Foundation (CNCF) also completed its first Kubernetes security audit which underscored the significant investments the CNCF has made in product security. While Kubernetes may have hit a few security roadblocks, including the discovery of several CVEs (which were quickly patched), the CNCF has handled these issues responsibly and we've already seen improvements as a result.

The fact remains, however, that configuring Kubernetes is complex, and it can be hard to keep configurations consistent and correct when your organization is shipping new code quickly. Operationalizing the platform and taking steps to protect your infrastructure and applications is one of the most fundamentally important things your organization can do to get the most value from its Kubernetes investments. If you haven't made efforts to do this already, 2020 is the time. And with that, there are a number of other factors you will need to consider to glean the most value from Kubernetes as its ecosystem continues to mature.

Kubernetes Maturity Means Businesses Can Build Bigger, Better Things

The results of CNCF's first full Kubernetes audit revealed that Kubernetes is foundationally secure and fully functional. But the findings also forced Kubernetes users to take a closer look at potential vulnerabilities, configuration issues, and other weaknesses in their own deployments.

Up to this point, a lot of organizations were running Kubernetes to build and test applications, or run in environments that didn't have external exposures. They didn't have mission-critical applications with web-facing services exposed. But this is changing, quickly. The pattern towards the maturity of Kubernetes is similar to other technologies. Virtualization went through something very similar in the early 2000s. Public cloud went through it from roughly 2008-2012. Kubernetes is following a very natural progression.

Orchestration Consolidates around Kubernetes

A lot of companies have gone down the path of DevOps, building and using containers and microservices. As a result, workloads are getting more complex, and companies are getting a much better sense of the functionality they need from the container ecosystem. The Kubernetes ecosystem is very rich, and as more companies find value in using Kubernetes as a container orchestrator, they will adopt more solutions in the ecosystem. These advances mean we'll see increasingly complex workloads running in Kubernetes.

We're seeing a pattern where different types of workloads are becoming possible because of Kubernetes. This proliferation is particularly true among companies building SaaS solutions - these applications are data heavy and very complex. These applications also lend themselves well to wider adoption of service mesh. 

Service Mesh Comes into Its Own

While service mesh technology is in its early stages in comparison to Kubernetes, we're starting to see new requirements for how tools such as Istio, Envoy, and Linkerd are going to be used. As customer deployments of service mesh technologies get more complex, the applications they support will increase in complexity and criticality.

The general progression of microservices deployments is that you lock down your CI/CD, continuously conduct image scanning, and then harden your deployment process. Then you put the services into runtime and segment your network. You get more sophisticated as you move up the stack and incorporate additional controls and visibility into the application.

That last piece is what service mesh provides, and from a productization and application perspective, the evolution of service meshes is still unclear, since - unlike with Kubernetes - no clear winner has emerged. The needs for observability, tracing, and application-level controls using policies and routing are clear; however, we have yet to see which technology emerges as the dominant player.
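As an added illustration of the "harden your deployment process" step in the progression above (example code written for this page, not code from the article or from StackRox), the following Python gate runs admission-style checks over a Pod spec that has already been parsed from its manifest. It checks the settings a CI pipeline or admission webhook would typically reject on: images not pinned by digest (so the image that was scanned is the image that runs), containers that may run as root, privileged mode, privilege escalation, a writable root filesystem, Linux capabilities that are not dropped, host namespace sharing, and missing resource limits. The two Pod specs at the bottom are constructed samples; the registry name, user ID and digest in them are placeholders, and the network-segmentation step is not covered here.

```python
"""Admission-style hardening checks for a Kubernetes Pod spec.

Added example (not from the original article). Takes a Pod spec in the
dict form a YAML/JSON parser would produce and returns the findings a
CI gate or validating admission webhook would reject on.
"""
from __future__ import annotations


def _containers(pod_spec: dict) -> list[dict]:
    """Init containers are subject to the same checks as app containers."""
    return list(pod_spec.get("initContainers", [])) + list(pod_spec.get("containers", []))


def check_pod_hardening(pod_spec: dict) -> list[str]:
    """Return a list of human-readable findings; an empty list means the spec passes."""
    findings: list[str] = []
    pod_sc = pod_spec.get("securityContext", {})

    # Sharing host namespaces exposes host processes, network and IPC to the container.
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if pod_spec.get(key):
            findings.append(f"pod: {key} is enabled")

    for c in _containers(pod_spec):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        image = c.get("image", "")

        # A mutable tag defeats image scanning: what was scanned may not be what runs.
        if "@sha256:" not in image:
            findings.append(f"{name}: image {image!r} is not pinned by digest")

        # A container-level securityContext overrides the pod-level one.
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if run_as_non_root is not True:
            findings.append(f"{name}: runAsNonRoot is not true")

        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")

        # Kubernetes defaults allowPrivilegeEscalation to true when unset.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")

        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")

        caps = sc.get("capabilities", {})
        if "ALL" not in caps.get("drop", []):
            findings.append(f"{name}: capabilities not dropped (drop: [ALL] missing)")
        if caps.get("add"):
            findings.append(f"{name}: adds capabilities {caps['add']}")

        # Without limits one container can starve the node (denial of service).
        limits = c.get("resources", {}).get("limits", {})
        if "cpu" not in limits or "memory" not in limits:
            findings.append(f"{name}: no cpu/memory limits")

    return findings


# Constructed sample: the kind of spec that passes a quick demo and fails in production.
WEAK_POD = {
    "hostNetwork": True,
    "containers": [{
        "name": "web",
        "image": "registry.example.com/app:latest",   # placeholder registry
        "securityContext": {"privileged": True},
    }],
}

# Constructed sample: the same workload with the settings a gate should require.
HARDENED_POD = {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},  # placeholder UID
    "containers": [{
        "name": "web",
        "image": "registry.example.com/app@sha256:" + "a" * 64,    # placeholder digest
        "securityContext": {
            "allowPrivilegeEscalation": False,
            "readOnlyRootFilesystem": True,
            "capabilities": {"drop": ["ALL"]},
        },
        "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
    }],
}


if __name__ == "__main__":
    for label, spec in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        result = check_pod_hardening(spec)
        print(f"{label}: {'PASS' if not result else 'FAIL'}")
        for finding in result:
            print("  -", finding)
```

The same function can be wrapped in a validating admission webhook or run in CI against rendered manifests; the point is that the gate fails closed on every finding rather than reporting and allowing, so a fast-moving team cannot ship a privileged, unpinned container by omission.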

Kubernetes Use Cases Move Toward Operational Safety

To date, the most standard use cases for Kubernetes security across all organizations are visibility and configuration management. These use cases dominate when deployments are still early. As organizations scale and mature their deployments, the security use cases will evolve and grow as well.

What's interesting is how organizations of a certain profile are more advanced in their deployments. In some industries, such as healthcare, startups tend to be more advanced than established businesses. 

Companies that are in transition are also likely to adopt Kubernetes more aggressively. Organizations such as Sony and Disney are rebuilding streaming services using Kubernetes, because they want to move as fast and offer services as quickly as companies such as Netflix. So sometimes Kubernetes adoption is tied to getting a leg up on innovation, and other times it's a matter of survival. 

While the initial adoption of Kubernetes has to do largely with enabling business innovation, the technology offers powerful opportunities to build security directly into the development process. Developers are realizing that if security isn't built in, they will suffer from undetected vulnerabilities, misconfigurations, or other factors out of their control. Security is increasingly part of the developer's consciousness - it's becoming an integral part of running services and applications safely for optimal business value.

The fact is, you have to build security into development because you're dealing with so much data, so many users, highly distributed infrastructure, and much larger scale. You can't just keep adding firewalls and agents and point solutions in the way security teams are used to. To transition security into safety, you have to bake it in to the entire process.

For Kubernetes, as operational challenges like these continue to be addressed, we'll see an acceleration in improvements that results in increased scalability, performance, and functionality. As a result, Kubernetes will continue to be adopted by a much larger arena of applications, including IoT, autonomous vehicles, and popular consumer technologies that need processing power and the ability to build and deliver applications and services more effectively. These technologies will increasingly shine a light on the breadth and scale that Kubernetes-based applications can enable.


About the Author

Ali Golshan

With a passion for building disruptive products, Ali is Co-founder and CTO for StackRox, where he oversees the company's technology strategy and roadmap. Prior to StackRox, Ali was the Founder & CTO of Cyphort (acquired by Juniper Networks) and led the company's product strategy and research initiatives. Previously, Ali worked as a security researcher and engineer at Microsoft and PwC. Ali started his career in Government conducting security and vulnerability research for the intelligence community.

Published Thursday, December 19, 2019 7:45 AM by David Marshall