New Research from Venafi Reveals Top Trends and Challenges Impacting State of Cloud Native Security
Venafi, the inventor of machine identity management released findings of its latest research report, The Impact of Machine Identities on the State of Cloud Native Security in 2023. The report examines the top threats and challenges impacting the state of cloud native security at organizations including their approach to cloud native security, challenges faced, ownership among security and development teams, and the foundational role machine identities play within cloud native security.
CIO INFLUENCE News: Montage Technology Leads in Trial Production of 3rd-Gen DDR5 RCDs
“Project Managers Explain Cert-Manager in 5 Levels of Difficulty”
To maintain a competitive edge, modern organizations are evolving toward highly scalable, flexible and resilient applications – leading to the widespread adoption of cloud native technologies like Kubernetes. In fact, 84% of security and IT leaders believe that Kubernetes will soon be the main platform used to develop all applications. However, amid the rush to transition to these modern environments, many development teams are putting security on the back burner, creating new risks and opportunities for nefarious cybercriminals. Venafi’s survey found that organizations are grappling with the unique risks of cloud native environments when it comes to security – with three-quarters of survey respondents reporting that they believe we are heading towards a cloud reckoning in terms of costs and security.
“Balancing speed and security is no easy feat, but it’s a necessity for organizations today,” said Kevin Bocek, VP of ecosystem and community at Venafi. “It’s critical for security and platform teams to get cloud native security right – there is no perimeter, no pull-the-plug in the cloud. The foundation then of cloud native security is strong machine identity management. Without machine identities like TLS, SPIFFE and code signing certificates, we wouldn’t be able to authenticate one cloud from another or authorize one container from another. The findings from Venafi’s new survey indicate that organizations are not prepared for the demands and risks that these modern architectures bring.”
CIO INFLUENCE News: Sysdig Debuts New Benchmark for Cloud Detection and Response
Additional findings from the Impact of Machine Identities on the State of Cloud Native Security in 2023 report include:
- Cloud Native Confusion and Kubernetes Concerns – Organizations are moving to the cloud but are doing so blindly without prior consideration for cloud native security in mind. Eighty-seven percent of security and IT leaders have started moving legacy applications to the cloud; however, more than half of those leaders (59%) did not understand the associated security risks. In fact, 59% of respondents admit to having experienced security-related issues within Kubernetes or container environments. Moreover, three-quarters of respondents acknowledged that the speed and complexity of Kubernetes and containers create new security blind spots. For 33% of respondents, security issues delayed an application launch, while 32% experienced disruption to application services. Security and IT leaders cite the main causes of Kubernetes and container security issues as network breaches (42%), API vulnerabilities (41%) and certificate misconfiguration (39%).
- Unclear Ownership of Cloud Native Security: Despite acknowledging these cloud native security issues, there are no clear delineations around ownership from beginning to end. For example, 85% of security teams report setting the strategy for managing security risk and governance across cloud native environments. However, the actual implementation of security tools, governance and policies is split among development, security and platform teams, with a slight majority going to the development teams (41%). What’s more, 74% of respondents worry that developers are challenged with several conflicting priorities, so security is not always top of mind. Finally, 90% believe security teams need to increase their understanding of cloud native environments to ensure applications are secure.
- Machine Identity Management: The Missing Piece?: It’s clear that better management of machine identities can help solve for the tradeoff between speed and security. For example, 70% of security and IT leaders believe that software supply chain attacks are their biggest security blind spot. Additionally, 85% believe that continuous security validation to the CI/CD pipeline is vital to reducing the risk of vulnerabilities going undetected during the software development lifecycle. Sixty-one percent acknowledge they cannot issue certificates at the speed needed in Kubernetes and service mesh. Finally, 88% believe that machine identity management is essential to the success of zero trust models.
CIO INFLUENCE News: Lexsoft Launches Fully Cloud-Enabled Knowledge Management Solution, Lexsoft T3
[To share your insights with us, please write to sghosh@martechseries.com]