Utilization of containers in production environments, according to a Portworx industry report, have more than doubled in the past year as the ecosystem around the major orchestration platforms matures. This maps to what eWEEK is seeing in the industry overall. At the same time, the dominance of Kubernetes as the de facto choice for container orchestration has driven greater standardization, with the results of simplifying upper layer solutions like storage and security, and reducing vendor lock-in concerns as an obstacle to implementation. These data points are commonly known throughout the business.
Container orchestration has also driven increases in cloud migrations and more adoption of multi-cloud and hybrid cloud container deployments, analysts have said.
As one of the earliest providers of container security, NeuVector has seen firsthand the growing need to protect containers across the full application lifecycle. In this eWEEK Data Points article, CEO Fei Huang of NeuVector uses his industry information to highlight five key trends affecting container security now and into the near future.
Data Point No. 1: Attacks against container infrastructures are accelerating
The swell of container deployments has risen in lockstep with attacks, as bad actors have increasingly been recognizing and exploiting critical vulnerabilities within Kubernetes. Headlines continue to be made: hijacked Kubernetes deployments were used to introduce cryptomining containers to Tesla’s public cloud, malicious containers were found within Docker Hub’s public repository, among other news. It’s a predictable side effect of success that these attacks only figure to become more prevalent and more intricate – and also that container security must be a far bigger focus for enterprises and DevOps teams than it currently is.
Data Point No. 2: Security ‘Policy as Code’ is becoming a reality
Tools such as Kubernetes ConfigMaps and Custom Resource Definitions (CRDs) are enabling security products, configurations and rules to be automated into the CI/CD and DevOps pipeline. DevOps teams can analyze application behavior and declare the security policies for all new workload deployments in standard yYAML files, making the security integration process efficient and automated. Traditional security teams can also inject global security policies into the environment using the same tools, enabling them to modernize their security practices to be cloud-native.
Data Point No. 3: Security-mesh-within-service-mesh is gaining popularity as a new strategy for protecting containerized environments
As a trend, more enterprises have begun adding a security mesh on top of their service-mesh architecture as a way of achieving the application-aware protections required to thwart potential attacks. Hackers are demonstrating unprecedented sophistication in their attempts to infiltrate container orchestration solutions, circumventing traditional network and host security techniques and driving the need for equally sophisticated safeguards. When it comes to Kubernetes and container API exploits, it’s becoming clear that instant and automated security intelligence and responses will be what’s necessary to turn back such attacks.
Data Point No. 4: Container security is shifting both left and right
Enterprises are increasingly recognizing the risks that come from bolting on container security measures later in application development–such as vulnerability to zero-day attacks, unknown vulnerability exploits and even insider attacks–and have begun “shifting left” to implement security from the beginning of development. Similarly, as businesses increasingly use containers in production environments, security is also “shifting right” to better ensure container and orchestration platform security across the entire build-ship-run lifecycle.
Data Point No. 5: Containers are facilitating – and fueling – the shift to Cloud 2.0
Taking as a whole, rightfully-hot technologies such as containerization, serverless computing, the aforementioned service/security meshes and hyperscale and cross cluster management are proving to enterprises that their cloud infrastructures need not be VM-centric. Instead, businesses can become much more driven by services and data. Those pursuing this migration to so-called Cloud 2.0 are capitalizing on new opportunities to introduce cloud functions–from cloud-native security to networking to storage and more–that are designed to more dynamically (and much more instantly) address key business needs.
If you have a suggestion for an eWEEK Data Points article, email [email protected].