Only 13.5% of IT pros have mastered security in the cloud native space

Canonical released data from a survey revealing the goals, benefits, and challenges of cloud-native technologies. The report has surveyed more than 1,300 IT professionals over the last year about their usage of Kubernetes, bare metal, VMs, containers, and serverless applications.

According to the survey, Kubernetes and cloud native technologies unlock innovation for organizations and allow them to achieve their goals. But the benefits of cloud native technologies vary, depending on their usage and the maturity of the organizations using them, with elasticity and agility, resource optimisation and reduced service costs identified as the top benefits, and security the most important consideration.

Cloud-native technologies challenges

83% of respondents are using either hybrid or multi-cloud. In the last year alone, the percentage of respondents who did not use hybrid or multi-cloud dropped from 22.4% to 16.4%.

Tim Hockin, principal software engineer at Google, discusses the reality behind that adoption: “People often build a straw man of hybrid or multi-cloud, with the idea of one giant mesh that spans the world and all the clouds, applications running wherever capacity is cheap and available. But in reality, that’s not at all what people are doing with it. What they’re actually doing is using each environment for just the things they have to use it for.”

Mark Shuttleworth, CEO of Canonical, said of the increasing growth of hybrid cloud in the enterprise: “The key question is: how much of what you do every day can you do on multiple different clouds without thinking about it? For me, the sensible thing for a medium or large institution is to have a fully automated private cloud and also relationships with at least two public cloud providers. This way, businesses essentially benchmark themselves on doing any given operation on the private cloud and on the two public clouds.”

14% of respondents said that they run everything on Kubernetes, over 20% said on bare metal and VMs, and over 29% said a combination of bare metal, VMs, and Kubernetes. This distribution shows how the flexibility of Kubernetes allows organizations to run the same type of workloads everywhere. Looking back at last year’s highlight, where Kelsey Hightower stated that bare metal was a better choice for compute and resource-heavy use cases such as interactive machine learning jobs, it seems that the tune is changing. Actually, as running Kubernetes is becoming more accessible, Alexis Richardson speculates that organizations would further adopt Kubernetes on bare metal if they knew it was possible.

38% of respondents suggest that security is the most important consideration, whether operating Kubernetes, building container images, or defining an edge strategy. Keeping clusters up-to-date is a definitive best practice to solve security issues. However, according to Jose Miguel Parrella, principal architect at Microsoft, it is not as embedded within IT infrastructure strategy as one could expect.

Today, it is more of a Day-30 discussion that only occurs within the small team of Kubernetes maintainers of every organization. Combined with the fact that only 13.5% of people reported that they have “mastered” security in the cloud native space, it is clear that organizations have some room to grow when it comes to properly adopting and managing Kubernetes in production.

Nearly 50% of respondents reported that lack of in-house skills and limited manpower were the biggest challenges when migrating to or using Kubernetes and containers. Ken Sipe, senior enterprise architect and co-chair of the Operator SDK, comments: “When people mention the lack of skill as a blocker, the truth is that they are often already in an environment where they are ready to do the next thing but don’t have the infrastructural or organizational support to do so. It is also a matter of buy versus build: when buying a solution and associated service, an organization benefits from leveraging external resources and skillsets without having to build the capability in-house. When building it in house, the organization can benefit from implementing its engineering discipline, which could be a useful differentiator.”