As organisations all over the world switch to Kubernetes for application development, its speed and complexity could be putting their cloud security at risk.
That's according to new research by the cybersecurity firm Venafi, which found that three-quarters of security experts and IT pros believe that the complexity and speed of Kubernetes deployments are creating security blind spots in the cloud.
More than half of these experts also said they had experienced security incidents within Kubernetes or container environments themselves, with network breaches, API vulnerabilities and certificate misconfigurations being the leading causes.
Just under a third of these incidents led to a data breach or network compromise, the report found, with 33 per cent having delayed an application launch, 32 per cent experiencing disruption to their application service and 27 per cent suffering a compliance violation.
“Cloud native is the way of the future, enabling highly scalable, flexible and resilient applications that can deliver a competitive edge – in a few years, almost everything will be running on cloud-native architecture,” said Matt Barker, global head of cloud-native services at Venafi.
“But amid the rush to transition to these modern environments, many organisations are underestimating the work needed to deliver efficiency and security. As organisations continue to move more critical workloads into cloud-native environments, they need to ensure they close these gaps, or we will see even more breaches and outages.”
A clouded understanding
The findings are part of Venafi’s global survey of 800 security and IT leaders from large organisations examining the top threats and challenges impacting the state of cloud-native security today.
One of the key challenges highlighted by the research was the lack of understanding of the cloud, with 90 per cent of respondents stating that security teams need to increase their understanding of cloud-native environments to ensure applications are secure.
Respondents also raised the issue of responsibility and control. Eighty-five per cent of respondents agree that continuous security validation of the CI/CD pipeline is vital to reducing the risk of vulnerabilities going undetected during the software development lifecycle.
But while security teams still control the overall strategy for cloud-native security, the implementation of those controls within cloud-native environments more often rests with development and platform teams – despite developers being challenged with several conflicting priorities and not always having security front of mind.
“It’s critical for security and platform teams to get cloud-native security right – there is no perimeter, no pull-the-plug in the cloud," said Kevin Bocek, VP of ecosystem and community at Venafi.
“The foundation then of cloud-native security is strong machine identity management. Without machine identities like TLS, SPIFFE and code-signing certificates, we wouldn't be able to authenticate one cloud from another or authorise one container from another.
IoT Tech Expo is the leading event for IoT, Digital Twins & Enterprise Transformation, IoT Security IoT Connectivity & Connected Devices, Smart Infrastructures & Automation, Data & Analytics and Edge Platforms.
The world-leading IoT conference & event series will arrive at the Olympia London on the 30 November – 1 December 2023 to host its seventh annual Global event.
The event will bring together key industries from across the globe for two days of top-level content and thought leadership discussions across 5 co-located events covering IoT, Cyber Security & Cloud, Blockchain, AI & Big Data, and Digital Transformation.