We recently repeated our survey of IT and security practitioners to understand the state of security in your container and Kubernetes environments.
In our inaugural survey last year, the key findings included:
- Lack of adequate security strategy topped the list of container strategy concerns
- Runtime was the lifecycle phase that was of most concern from a security perspective
- Kubernetes was used by just over half (57%) of respondents for container orchestration
This time around we expanded the audience from 230 to more than 390 IT and security practitioners. The data show fast maturation across a number of key areas, including defining a strategy for container security, moving more containerized workloads into production, and continued acceleration of Kubernetes adoption.
What follows is a list of five key takeaways from our updated survey report that highlight the progress the industry has made in adopting and securing cloud-native technologies. We also identify the top areas that need additional attention (download your copy today.)
1 - Container security strategies are becoming more mature
Although 34% of respondents note they still have no container security strategy or are in planning stages, that’s down from 37% six months ago. What’s more promising is the growth in respondents with intermediate or advanced security strategies. Today, 41% of respondents believe they have at least an intermediate level security strategy – up from 30% six months ago – which is a remarkable 37% growth rate.
2 - Misconfigurations pose a greater security risk than ever before
The analyst firm Gartner has long held that 95% of cloud security failures are the customer’s fault. Containers and Kubernetes stretch across cloud, on-premises, and hybrid environments, but as has long been the case in security, most security incidents and failures continue to be caused by preventable user error. The percent of respondents identifying misconfigurations and accidental exposures as their biggest security concern increased from 54% to 60%.
3 - Close to 9 out of 10 respondents say they use Kubernetes to orchestrate their containers, up from 57% just six months ago
The percent of respondents using Kubernetes has grown from 57% to 86%, across various deployment modes, including self-managed clusters; managed services such as Amazon EKS, Azure AKS, and Google GKE; and Kubernetes distributions such as Red Hat OpenShift and Docker Enterprise Edition.
4 - Containers are being deployed in every type of environment, with hybrid cloud/on prem being the dominant model
More than half of respondents (53%) are running in hybrid mode now compared to our last survey six months ago, in which 40% were running in hybrid mode. Conversely, the percentage of organizations running containers only on premises has dropped nearly in half (from 31% to just 17%), while cloud-only deployments have remained steady. One way to interpret these data is that far more organizations are transitioning from on-premises-only application environments to having a mix of cloud and on-prem deployments than those organizations that are completely divesting from their data centers and taking a cloud-only approach.
5 - DevSecOps is increasingly the role that is seen as responsible for container and Kubernetes security
Across all operations roles, DevSecOps saw the largest increase in being named the responsible party for securing containers and Kubernetes, going from 24% last time to 31% now. We see an even larger jump in allocation of responsibility to DevSecOps when we isolate responses from those who are in a security or compliance role, with 42% believing DevSecOps to be the most appropriate role for ensuring container and Kubernetes security.