The analyst firm Gartner predicts that by 2023, 70% of organizations will be running three or more containerized applications in production. Containers, Kubernetes, and microservices application patterns are three of the leading drivers of enterprise IT innovation and digital transformation. Companies have embraced these technologies for their advantages in application development and deployment.
While Gartner looks to the future to predict container adoption for 2023, below are today’s top 6 container adoption trends that we uncovered in our latest State of Container and Kubernetes Security survey report.
1. Organizations are diving head-first into containerizing their applications.
Data from this survey shows a great surge in containerization of apps. Since our last report six months ago, the percentage of organizations that have containerized more than half of their applications increased from 23% to 29%, a growth rate of 22%. At the same time, the number of organizations that have containerized fewer than 10% of their apps fell from 32% to 21%.
2. Organizations have far more containerized applications in production today than six months ago.
Not only are organizations containerizing more of the apps – they’re also running more of those containerized apps in production. The percentage of organizations with more than half their containers running in production jumped from 22% to 29% in the past six months, a growth rate of 32%. In the same time period, organizations running fewer than 10% of their containers in production has fallen from 39% to 28%.
The State of Container and Kubernetes Security Report
Download the full report to learn about the frequency and types of security incidents, top security challenges, and other container and Kubernetes market trendsDownload Now
3. For cloud deployments, AWS continues to dominate, but the race for #2 heats up.
As expected, Amazon Web Services (AWS) continues to dominate the container market, but the race for second has tightened. While Microsoft Azure remains in second place, Google Cloud Platform (GCP) has grown its third-place standing from 28% six months ago to 35% today. That GCP rivals Azure so closely might not be surprising, since Google was one of the first enterprises to use containers at scale for their own products, created Borg (predecessor to Kubernetes) to manage containers, and eventually developed and open sourced Kubernetes before donating it to the Cloud Native Computing Foundation (CNCF). Also, Google Kubernetes Engine (GKE) is one of the most feature-rich managed Kubernetes services in the market, especially in the area of cluster management – again, in large part due to Google’s deep experience orchestrating containers at scale.
4. Container maturity of Azure users lags both GCP and the overall population.
Azure users tend to be earlier in their container adoption journey than organizations running on AWS or GCP. Only 20% of Azure users have containerized more than half of their applications, significantly lower than the 33% across all non-Azure users. Correspondingly, fewer Azure users have more than half their containerized apps deployed in production environments – 22% vs. 34% for all non-Azure respondents.
In contrast to Azure users, GCP users are ahead of the curve in their container adoption. Nearly a third (31%) of GCP users have containerized more than half their applications, which is slightly higher than the 27% across all non-GCP respondents. Likewise, a greater number of GCP users have more than half their containerized apps deployed in production environments – 31% vs. 29% for non-GCP users.
5. Containers require and facilitate closer collaboration between DevOps and Security.
Given that security remains the number one concern with container strategies, the good news in solving the container security challenge is that DevOps and security teams are already working together more closely. This trend makes sense, given that containers and Kubernetes themselves help unify what had been very separate disciplines of infrastructure and security. With containers and container orchestrators like Kubernetes, controls are part of the infrastructure, enabling organizations to make progress on instantiating “security as code.”
6. Organizations are increasingly looking to DevOps to take lead in securing containerized applications.
Across all operations roles, DevOps is considered the party most responsible for managing container security, with 81% of respondents selecting that role, followed by security at a distant 51%. However, when it comes to container and Kubernetes security, it takes a village. We see considerable overlap between different roles considered responsible for security. Of the 81% that believe DevOps should take lead in managing container security for example, nearly half of those same respondents (48%) also selected security (the question allowed for multiple selections). The venn diagram below shows the extent to which container security responsibility is shared among different teams and roles. Container and Kubernetes security tooling must therefore facilitate close collaboration among different teams – from Security to DevOps to Ops and Developers – instead of perpetuating the silos that often plague organizations.
Implications for container and Kubernetes security
Organizations are rapidly adopting containers in production environments and often doing so in both on-premises and public cloud environments (frequently in multiple clouds), therefore security must apply consistently wherever their cloud-native assets are running. Given most organizations expect DevOps or DevSecOps teams to run container security platforms, the security tooling must help bridge security and DevOps by shifting security to the left and seamlessly protecting containers across the entire lifecycle.