Security and compliance still a challenge for container architectures

While adoption of container architectures and microservices continues at an impressive pace, maintaining automated and proactive security and compliance is a particularly acute challenge for respondents, a NeuVector survey of more than 1,200 enterprise DevOps professionals reveals.


More than 89% of these survey respondents have container deployments active, and 88% are planning additional container deployments in the next 6-12 months. Kubernetes is the most used orchestration platform among respondents, followed by Red Hat OpenShift and Rancher.

AWS took the top three positions among cloud platforms used, with respondents naming AWS EC2, AWS EKS, and AWS Fargate as the most popular options.

But most interestingly: while container and Kubernetes security was cited as a top concern, many respondents also reported that their current security tools and practices are not well-matched for meeting ongoing (and continually escalating) security requirements.

Kubernetes runtime security is a growing concern

Almost three-fourths of respondents are concerned about their Kubernetes runtime security, including the risk of network attacks, man-in-the-middle attacks, and cryptomining. While 64% report having visibility into the sensitive information being accessed from their Kubernetes environments, Kubernetes itself hides some of this information behind its layer of abstraction.

In reality, many respondents who claim this visibility likely lack insights into Kubernetes API server access, pod-to-pod communication, the encryption status of connections, and other areas of concern.

Survey responses also indicated confusion over what vulnerability scanning tools and additional cloud provider or vendor protections respondents have available, suggesting that many organizations are likely less protected than they might assume.

An over-reliance on built-in Kubernetes security policies is worrisome

Seventy-two percent of respondents rely on Kubernetes NetworkPolicy (KNP) and/or PodSecurityPolicy (PSP) to protect their Kubernetes deployments. While these built-in controls offer a baseline, on their own they do not insulate organizations from risk: NetworkPolicy only governs which pods and IP ranges may talk to each other at layer 3/4 (and is enforced only if the cluster's CNI plugin supports it), and PSP was deprecated in Kubernetes v1.21 (April 2021) and removed in v1.25, with the built-in Pod Security Admission controller as its successor. To achieve fully reliable Kubernetes protections, organizations require more granular and automated Kubernetes-native security capabilities.
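As an added example (not from the survey or from NeuVector), the manifest below shows what the two built-in controls discussed above look like when configured tightly: a namespace labelled for Pod Security Admission (the in-tree replacement for PSP), a default-deny NetworkPolicy covering every pod in that namespace, and one explicit allow-rule. The namespace name `payments` and the `app=api` / `app=db` labels are assumptions for illustration.

```yaml
# Added example: hardened use of the built-in Kubernetes controls (PSA + NetworkPolicy).
# The namespace "payments" and the app labels are assumptions, not from the article.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    # Pod Security Admission (replaces PodSecurityPolicy, which was removed in v1.25):
    # reject pods that violate the "restricted" Pod Security Standard, and also
    # warn and audit at the same level so violations are visible in kubectl output
    # and in the API server audit log.
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# Default-deny NetworkPolicy: an empty podSelector matches every pod in the
# namespace, and listing both policyTypes with no ingress/egress rules blocks
# all traffic in both directions. Allow-rules must then be added per workload.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# Explicit allow-rule: only pods labelled app=api may reach app=db pods on TCP 5432.
# What NetworkPolicy cannot express is just as important: it matches on labels and
# CIDRs at layer 3/4, knows nothing about whether the connection is TLS, and is a
# no-op on a CNI plugin that does not implement it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-api-to-db
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: db
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: api
      ports:
        - protocol: TCP
          port: 5432
```

Apply it with `kubectl apply -f` against a cluster whose CNI enforces NetworkPolicy (for example Calico or Cilium; plain flannel does not). Two practical caveats: the default-deny egress also blocks DNS, so an egress rule allowing UDP/TCP 53 to kube-dns in `kube-system` is usually the first allow-rule a namespace needs; and neither object tells you anything about API server access or the encryption status of pod-to-pod connections, which is exactly the visibility gap the survey points to.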

Multi-cloud deployments multiply an organization’s security concerns

70% of respondents either already run Kubernetes workloads across multiple clouds or plan to. These multi-cloud deployments multiply an organization’s security concerns: security tooling must be managed across platforms, and policies kept consistent across clusters on different clouds. These enterprises require a Kubernetes-native security strategy capable of deploying automated security and supporting each cloud and platform in use.

Compliance tool adoption lags, but remains essential

Just 20% of respondents have a compliance tool in place for their container and Kubernetes environments. This area in particular is a target for growth, as enterprises subject to regulations and frameworks such as PCI DSS, SOC 2, GDPR and others require automated compliance scanning and reporting capabilities in their production environments.

“Most respondents express concern over the security of their container environments, and especially their Kubernetes deployments in production,” said Glen Kosaka, VP of Product Management, NeuVector.

“But it’s clear that concern needs to turn into action. Many are likely overestimating the capabilities of their current container security and compliance processes – and as headlines continue to show, container environments are an increasingly inviting target for attacks.”
