Cloud native security threats concern 75% of IT & security leaders
New research by Venafi, a cybersecurity firm, reveals that 83% of IT and security leaders expect Kubernetes to play a pivotal role as the principal platform for application development. Nevertheless, 75% are concerned about the pace and complexity of Kubernetes, hinting at potential security blindsides, with 59% already experiencing security incidents in Kubernetes or container environments.
The report includes the findings of a worldwide survey of 800 security and IT leaders from large organisations based in the United States, United Kingdom, France, and Germany. It investigates the significant threats and challenges affecting the status of cloud native security today.
An extensive 84% of respondents anticipate that Kubernetes will soon dominate as the primary platform for all application development. However, 75% are apprehensive that the speed and complexity of Kubernetes and containers are leading to fresh security vulnerabilities. Additionally, 59% of respondents who have finalised a cloud migration admitted to overlooking the security risks involved. At the same time, over half of those who have done so, failed in refactoring them using cloud native technologies.
Matt Barker, Global Head of Cloud Native Services at Venafi, commented on the report: "Cloud native is the way of the future, enabling highly scalable, flexible and resilient applications that can deliver a competitive edge – in a few years, almost everything will be running on cloud native architecture. But amid the rush to transition to these modern environments, many organisations are underestimating the work needed to deliver efficiency and security. As organisations continue to move more critical workloads into cloud native environments, they need to ensure they close these gaps, or we will see even more breaches and outages."
The research also puts the spotlight on the issue of responsibility and control, with 85% of respondents accepting that continuous security validation for the CI/CD pipeline is crucial for reducing vulnerabilities. However, while security teams control the overall strategy for cloud native security, the implementation of controls often falls on the shoulders of the development and platform teams. It is especially problematic considering that 74% of respondents observed multiple conflicting priorities for developers, often sidelining security.
Moreover, the research indicates that development teams might not possess or procure the necessary tools for both fast and secure operations. In particular, 68% of respondents believe that while DevOps holds promise, security continues to pose a hurdle in practicality as over half lack the means to automate security.
Kevin Bocek, the Vice President of Ecosystem and Community at Venafi, says, "Balancing speed and security is no easy feat, but it’s a necessity for organizations today. It’s critical for security and platform teams to get cloud native security right – there is no perimeter, no pull-the-plug in the cloud. The findings from Venafi’s new survey indicate that organisations are not prepared for the demands and risks that these modern architectures bring."