NeuVector announced the results of its 2021 Container Security Survey. The
report, available for download here, identifies current trends and challenges
enterprises are grappling with as they increasingly turn to microservices
architectures.
NeuVector surveyed 156 enterprise DevOps professionals at the most recent
KubeCon North America. Among respondents, 80% currently manage active container
deployments and 87% are planning new container deployments over the next 6-12
months. Close to 90% of respondents utilize Kubernetes for container
orchestration, and the majority name Jenkins their primary CI/CD pipeline
automation tool (GitLab is second most popular, with no other tool garnering
more than 10%). When it comes to the role that security plays as more
enterprises shift left to protect applications from the beginning of
development, implement DevOps processes and cultures, and accelerate workflow
productivity, 76% of respondents report that container security is a clear
priority at their organization. However, questions over container security
responsibilities within enterprises, how to balance security with performance,
and how to respond to security incidents are far from settled.
2021 Container Security Survey Highlights
- There is little consensus on who owns the responsibility for container security
Among respondents, 32% consider container security their
organization's single most important priority as they roll out containers and
Kubernetes initiatives; another 44% report it as among their top priorities.
That said, enterprises are mixed in how they are addressing security. In
questions asking which team should be responsible for securing container
environments and Kubernetes, respondents split their answers among security
(42%), development (30%), and operations (28%) roles.
- Nearly two-thirds of respondents would curtail security to maintain high CI/CD velocity
Somewhat contrary to respondents' stated prioritization of
security, 63% of respondents acknowledge that they would curtail or restrain
security measures in order to maintain high-velocity production. This risky
proposition increases the potential that enterprises will face repercussions
from known and unknown vulnerabilities. On a positive note, 61% of respondents
do use Kubernetes Pod security and/or network security policies, and many
supplement those native policies with vulnerability scanning, along with
network inspection and blocking.
- Security incident response functions used in Kubernetes environments are all over the map
To protect critical applications and data when incidents do
occur, enterprises are leveraging a broad range of tools and strategies. While
Layer 7 network blocking leads the way as a tactic employed by 32% of
respondents, nearly as many have adopted Layer 3 and 4 network blocking,
network packet capture, container process blocking, file access monitoring, or
container quarantining.
Interestingly, DevOps respondents indicated a
crucial need for information as they deploy Kubernetes and pursue container
security measures. Two-thirds report relying on official Kubernetes
documentation as their best source of information, while 41% leverage
information from Kubernetes security vendors, and 39% turn to documentation
from cloud vendors.
"As container security breaches continue to make headlines, we are pleased that
a majority of enterprises leveraging containerized environments name security
among their highest priorities," said Fei Huang, Chief Strategy Officer at
NeuVector. "At the same time, the fact that a disproportionate number of
enterprises would sacrifice security for productivity is both troubling and
misguided. We advise organizations to recognize security as essential to the
success of their container and Kubernetes implementations, and to select
security capabilities that can enable development agility while still achieving
fully reliable protection."
The full report can be accessed here:
https://go.neuvector.com/2021securitysurvey