StackRox released the findings of the State of Containers and Kubernetes Security Report, Fall 2020. Security incidents remain high (90 percent), and nearly half of respondents have delayed rolling out applications into production because of security concerns (44 percent). At the same time, organizations have progressed in developing DevSecOps initiatives (83 percent have some form in place) and in maturing their container and Kubernetes security strategies (only 25 percent lack a strategy).
“These findings show how seriously organizations are taking the need to secure their cloud-native stack,” said Kamal Shah, president and CEO, StackRox. “It’s especially exciting to see so many organizations embrace DevSecOps as part of the solution to embedding security across the entire software supply chain.”
Security continues to top the list of respondent’s concerns with container strategies, and 90 percent of respondents have experienced a security incident - misconfigurations top the list, at 67 percent, followed by major vulnerabilities (22 percent), runtime incidents (17 percent), and failed audits (16 percent).
Other key findings include:
DevSecOps has crossed the chasm
Most respondents are in an early stage of DevSecOps, with 40 percent saying they’re starting to have DevOps and Security teams collaborate on joint policies and workflow. Another 27 percent say they’re integrating and automating security across the SDLC and 16 percent are implementing security as code. Only 17 percent of organizations have little to no collaboration between the teams.
More than half of Kubernetes deployments are self managed
Kubernetes continues to increase its dominance, with 91 percent of respondents using some form of Kubernetes to manage their containers. Self-managed Kubernetes continues to be popular, with 50 percent of respondents running open-source Kubernetes. Among managed Kubernetes offerings, Amazon EKS is most popular with 44 percent of respondents, followed by Azure AKS at 31 percent, IBM Red Hat OpenShift at 22 percent, and Google GKE at 19 percent.
Kubernetes skills shortage benefits managed Kubernetes service providers
Survey respondents cited both an internal skills shortage and a steep learning curve as the two most significant Kubernetes challenges impacting their companies. Those two challenges were identified as impacting 70 percent of organizations.
Hybrid deployment strategies remain most common
The hybrid model continues to be the most popular architectural approach to deploying containers, with 44 percent of respondents running containers both on prem and in the cloud. Respondents running cloud-only deployments stand at 41 percent, and on-premises only deployments remain relatively low at 15 percent, down from 31 percent in Fall 2018.
For hybrid, AWS Outposts, Microsoft Azure Arc, and OpenShift are neck in neck
When asked how they’re supporting hybrid or multi-cloud deployments, respondents highlighted AWS Outposts (31 percent), Azure Arc (30 percent), and OpenShift (28 percent) predominantly. Google Anthos came in fourth, at 16 percent.