Kubernetes runtime security is a growing concern

Image via Freepik

NeuVector announced the findings of its 2021 EU Container Security Survey. The new report finds that while adopting container architectures and microservices continues at an impressive pace, maintaining automated and proactive security and compliance is a particularly acute challenge for respondents.

NeuVector polled more than 1,200 enterprise DevOps professionals attending KubeCon EU 2021. More than 89% of these survey respondents have active container deployments and 88% plan additional container deployments in the next 6-12 months. Kubernetes is the most used orchestration platform among respondents, followed by Red Hat OpenShift and Rancher. AWS took the top three positions among cloud platforms used, with respondents naming AWS EC2, AWS EKS, and AWS Fargate the most popular options. But most interestingly: while container and Kubernetes security was cited as a top concern, many respondents also reported that their current security tools and practices are not well-matched for meeting ongoing (and continually escalating) security requirements.

2021 EU Container Security Survey highlights:

Kubernetes runtime security is a growing concern.

Almost three-fourths of respondents had concern over their Kubernetes runtime security – including their risk of network attacks, man-in-the-middle attacks, and cryptomining. While 64% report having visibility into the sensitive information being accessed from their Kubernetes environments, Kubernetes itself obfuscates some of this information through a layer of abstraction. In reality, many respondents who claim this visibility likely lack insights into Kubernetes API server access, pod-to-pod communication, the encryption status of connections, and other areas of concern. Survey responses also indicated confusion over what vulnerability scanning tools and additional cloud provider or vendor protections respondents have available, suggesting that many organizations are likely less protected than they might assume.

An over-reliance on built-in Kubernetes security policies is worrisome.

Seventy-two percent of respondents rely on Kubernetes Network Policy (KNP) and Pod Security Policy (PSP) to protect their Kubernetes deployments. While these built-in policies offer basic security, they do not provide adequate protections to insulate organizations from risks properly. This is especially true with PSP, which was deprecated in June 2021. To achieve fully reliable Kubernetes protections, organizations require more granular and automated Kubernetes-native security capabilities.

Organizations using Kubernetes across multiple clouds must address security implications.

Most – 70% – respondents either have plans to scale their Kubernetes workloads across multiple clouds or already do so. These multi-cloud deployments multiply an organization’s security concerns by increasing the difficulty of managing security across platforms and policies across different clusters. These enterprises require a Kubernetes-native security strategy to deploy automated security and support each cloud and platform in use.

Compliance tool adoption lags but remains essential.

Just 20% of respondents have a compliance tool in place for their container and Kubernetes environments. This area, in particular, is a target for growth, as enterprises subject to regulations such as PCI-DSS, SOC-2, GDPR and others require automated compliance scanning and reporting capabilities in their production environments.

“Most respondents express concern over the security of their container environments, and especially their Kubernetes deployments in production,” said Glen Kosaka, VP of Product Management, NeuVector. “But it’s clear that concern needs to turn into action. Many are likely overestimating the capabilities of their current container security and compliance processes – and as headlines continue to show, container environments are an increasingly inviting target for attacks. We look forward to helping organizations better understand both their true security requirements and the reliable security capabilities available to protect their environments fully. Achieving end-to-end container security and maintaining application development velocity and agility is not an either-or decision that enterprises should have to make.”

The complete survey report can be accessed here: https://go.neuvector.com/2021-security-survey-kubecon-eu

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.