Venafi released findings of its latest research report, The Impact of Machine Identities on the State of Cloud Native Security in 2023.
The report examines the top threats and challenges impacting the state
of cloud native security at organizations today, including their
approach to cloud native security, challenges faced, ownership among
security and development teams, and the foundational role machine
identities play within cloud native security.
To maintain a competitive edge, modern organizations are evolving toward
highly scalable, flexible and resilient applications - leading to the
widespread adoption of cloud native technologies like Kubernetes. In
fact, 84% of security and IT leaders believe that Kubernetes will soon
be the main platform used to develop all applications. However, amid the
rush to transition to these modern environments, many development teams
are putting security on the back burner, creating new risks and
opportunities for nefarious cybercriminals. Venafi's survey found that
organizations are grappling with the unique risks of cloud native
environments when it comes to security - with three-quarters of survey
respondents reporting that they believe we are heading towards a cloud
reckoning in terms of costs and security.
"Balancing speed and security is no easy feat, but it's a necessity for
organizations today," said Kevin Bocek, VP of ecosystem and community at
Venafi. "It's critical for security and platform teams to get cloud
native security right - there is no perimeter, no pull-the-plug in the
cloud. The foundation then of cloud native security is strong machine
identity management. Without machine identities like TLS, SPIFFE and
code signing certificates, we wouldn't be able to authenticate one cloud
from another or authorize one container from another. The findings from
Venafi's new survey indicate that organizations are not prepared for
the demands and risks that these modern architectures bring."
Additional findings from the Impact of Machine Identities on the State of Cloud Native Security in 2023 report include:
- Cloud Native Confusion and Kubernetes Concerns: Organizations
are moving to the cloud but are doing so blindly, without prior
consideration for cloud native security. Eighty-seven percent of
security and IT leaders have started moving legacy applications to the
cloud; however, more than half of those leaders (59%) did not understand
the associated security risks. In fact, 59% of respondents admit to
having experienced security-related issues within Kubernetes or
container environments. Moreover, three-quarters of respondents
acknowledged that the speed and complexity of Kubernetes and containers
create new security blind spots. For 33% of respondents, security issues
delayed an application launch, while 32% experienced disruption to
application services. Security and IT leaders cite the main causes of
Kubernetes and container security issues as network breaches (42%), API
vulnerabilities (41%) and certificate misconfiguration (39%).
- Unclear Ownership of Cloud Native Security: Despite
acknowledging these cloud native security issues, there are no clear
delineations around ownership from beginning to end. For example, 85% of
security teams report setting the strategy for managing security risk
and governance across cloud native environments. However, the actual
implementation of security tools, governance and policies is split among
development, security and platform teams, with a slight majority going
to the development teams (41%). What's more, 74% of respondents worry
that developers are challenged with several conflicting priorities, so
security is not always top of mind. Finally, 90% believe security teams
need to increase their understanding of cloud native environments to
ensure applications are secure.
- Machine Identity Management: The Missing Piece?: It's
clear that better management of machine identities can help solve for
the tradeoff between speed and security. For example, 70% of security
and IT leaders believe that software supply chain attacks are their
biggest security blind spot. Additionally, 85% believe that continuous
security validation to the CI/CD pipeline is vital to reducing the risk
of vulnerabilities going undetected during the software development
lifecycle. Sixty-one percent acknowledge they cannot issue certificates
at the speed needed in Kubernetes and service mesh. Finally, 88% believe
that machine identity management is essential to the success of zero
trust models.
To download the full report and read all findings, visit https://venafi.com/lp/cloud-native-security-report-2023.