NeuVector announced the findings of its 2021 EU Container Security Survey.
The new report finds that while adoption of container architectures
and microservices continues at an impressive pace, maintaining automated and
proactive security and compliance is a particularly acute challenge for
respondents.
NeuVector polled more than 1,200 enterprise DevOps professionals attending KubeCon
EU 2021. More than 89% of these survey respondents have container deployments active, and 88% are planning
additional container deployments in the
next 6-12 months. Kubernetes is the most used orchestration platform among
respondents, followed by Red Hat OpenShift and Rancher. AWS took the top three
positions among cloud platforms used, with respondents naming AWS EC2, AWS EKS,
and AWS Fargate as the most popular options. Most interestingly,
while container and Kubernetes security
was cited as a top concern, many respondents also reported that their current
security tools and practices are not well-matched for meeting ongoing (and
continually escalating) security requirements.
2021 EU Container Security Survey highlights:
- Kubernetes runtime security is a growing concern
Almost three-fourths of respondents expressed concern about their
Kubernetes runtime security, including their risk of network attacks,
man-in-the-middle attacks, and cryptomining. While 64% report having visibility
into the sensitive information being accessed from their Kubernetes
environments, Kubernetes itself obfuscates some of this information through a
layer of abstraction. In reality, many respondents who claim this visibility
likely lack insights into Kubernetes API server access, pod-to-pod
communication, the encryption status of connections, and other areas of
concern. Survey responses also indicated confusion over what vulnerability
scanning tools and additional cloud provider or vendor protections respondents
have available, suggesting that many organizations are likely less protected
than they might assume.
- An over-reliance on built-in Kubernetes security policies is worrisome
Seventy-two percent of respondents rely on Kubernetes Network
Policy (KNP) and/or Pod Security Policy (PSP) to protect their Kubernetes
deployments. While these built-in policies offer basic security, they do not
provide adequate protections to properly insulate organizations from risks.
This is especially true with PSP, which was deprecated in June 2021. To achieve
fully reliable Kubernetes protections, organizations require more granular and
automated Kubernetes-native security capabilities.
- Organizations using Kubernetes across multiple clouds must address security implications
Most respondents (70%) either have plans to scale their
Kubernetes workloads across multiple clouds, or already do so. These
multi-cloud deployments multiply an organization's security concerns by
increasing the difficulty of managing security across platforms and policies
across different clusters. These enterprises require a Kubernetes-native
security strategy capable of deploying automated security and supporting each
cloud and platform in use.
- Compliance tool adoption lags, but remains essential
Just 20% of respondents have a compliance tool in place for their container and
Kubernetes environments. This area in particular is a target for growth, as
enterprises subject to regulations such as PCI-DSS, SOC-2, GDPR and others
require automated compliance scanning and reporting capabilities in their
production environments.
"Most respondents express concern over the security of their container environments, and especially their
Kubernetes deployments in production," said Glen Kosaka, VP of Product Management,
NeuVector. "But it's clear that concern needs to turn into action. Many are
likely overestimating the capabilities of their current container security and compliance processes - and as
headlines continue to show, container environments
are an increasingly inviting target for attacks. We look forward to helping
organizations better understand both their true security requirements and the
reliable security capabilities available to fully protect their environments.
Achieving end-to-end container security and
maintaining application development velocity and agility is not an either-or
decision that enterprises should have to make."
The complete survey report can be accessed here:
https://go.neuvector.com/2021-security-survey-kubecon-eu