New Research from Venafi Reveals Top Trends and Challenges Impacting State of Cloud Native Security
Venafi, the inventor of machine identity management, today released findings of its latest research report, The Impact of Machine Identities on the State of Cloud Native Security in 2023. The report examines the top threats and challenges impacting the state of cloud native security at organizations today, including their approach to cloud native security, challenges faced, ownership among security and development teams, and the foundational role machine identities play within cloud native security.
To maintain a competitive edge, modern organizations are evolving toward highly scalable, flexible and resilient applications – leading to the widespread adoption of cloud native technologies like Kubernetes. In fact, 84% of security and IT leaders believe that Kubernetes will soon be the main platform used to develop all applications. However, amid the rush to transition to these modern environments, many development teams are putting security on the back burner, creating new risks and opportunities for nefarious cybercriminals. Venafi’s survey found that organizations are grappling with the unique risks of cloud native environments when it comes to security – with three-quarters of survey respondents reporting that they believe we are heading towards a cloud reckoning in terms of costs and security.
“Balancing speed and security is no easy feat, but it’s a necessity for organizations today,” said Kevin Bocek, VP of ecosystem and community at Venafi. “It’s critical for security and platform teams to get cloud native security right – there is no perimeter, no pull-the-plug in the cloud. The foundation then of cloud native security is strong machine identity management. Without machine identities like TLS, SPIFFE and code signing certificates, we wouldn’t be able to authenticate one cloud from another or authorize one container from another. The findings from Venafi’s new survey indicate that organizations are not prepared for the demands and risks that these modern architectures bring.”
Additional findings from the Impact of Machine Identities on the State of Cloud Native Security in 2023 report include:
- Cloud Native Confusion and Kubernetes Concerns – Organizations are moving to the cloud but are doing so blindly without prior consideration for cloud native security in mind. Eighty-seven percent of security and IT leaders have started moving legacy applications to the cloud; however, more than half of those leaders (59%) did not understand the associated security risks. In fact, 59% of respondents admit to having experienced security-related issues within Kubernetes or container environments. Moreover, three-quarters of respondents acknowledged that the speed and complexity of Kubernetes and containers create new security blind spots. For 33% of respondents, security issues delayed an application launch, while 32% experienced disruption to application services. Security and IT leaders cite the main causes of Kubernetes and container security issues as network breaches (42%), API vulnerabilities (41%) and certificate misconfiguration (39%).
- Unclear Ownership of Cloud Native Security: Despite acknowledging these cloud native security issues, there are no clear delineations around ownership from beginning to end. For example, 85% of security teams report setting the strategy for managing security risk and governance across cloud native environments. However, the actual implementation of security tools, governance and policies is split among development, security and platform teams, with a slight majority going to the development teams (41%). What’s more, 74% of respondents worry that developers are challenged with several conflicting priorities, so security is not always top of mind. Finally, 90% believe security teams need to increase their understanding of cloud native environments to ensure applications are secure.
- Machine Identity Management: The Missing Piece?: It’s clear that better management of machine identities can help solve for the tradeoff between speed and security. For example, 70% of security and IT leaders believe that software supply chain attacks are their biggest security blind spot. Additionally, 85% believe that continuous security validation to the CI/CD pipeline is vital to reducing the risk of vulnerabilities going undetected during the software development lifecycle. Sixty-one percent acknowledge they cannot issue certificates at the speed needed in Kubernetes and service mesh. Finally, 88% believe that machine identity management is essential to the success of zero trust models.
To download the full report and read all findings, visit https://venafi.com/lp/cloud-native-security-report-2023.
Additional Resources
- Infographic
- Blog post
- Video
Methodology
To better understand the state of cloud native machine identity management, Venafi sponsored an independent survey of 800 security and IT leaders in large organizations across the U.S., U.K., France, and Germany. The goal was to gather data that revealed how companies are approaching cloud native security, where they are facing challenges, which trends they are adopting, and who is responsible for setting strategy and implementing security and machine identity management in cloud native environments.
Venafi at KubeCon + CloudNativeCon North America
KubeCon + CloudNativeCon North America 2023 attendees can visit Venafi’s open source cert-manager booth at F12 in the Project Pavilion. Venafi will also present “Project Managers Explain Cert-Manager in 5 Levels of Difficulty” on Wednesday, November 8 at 2:30pm CST and Kubernetes Confessions: Tales of Overspending and Redemption” on Thursday, November 9 at 4:00pm CST.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!