A survey of 390 IT professionals published this week by StackRox, a provider of a security platform for Kubernetes, finds there has been a 51% increase in Kubernetes adoption in the last six months. A full 86% of respondents say they have now adopted Kubernetes, up from 57% a half a year ago.
More than two-thirds of organizations (69%) have containerized more than 10% of their applications, but only 13% have containerized more than half, according to the survey. The percentage of applications that have been containerized remains comparatively slight.
When those applications are deployed on Kubernetes, the survey finds, 44% of organizations have opted to self-manage their instances of Kubernetes, while the rest rely on some form of managed services from Amazon Web Services (27%), Microsoft (16%), Google (12%) and IBM Red Hat (12%).
Also according to the survey, 70% of respondents are running containers on-premises and 53% are running them both on-premises and in the public cloud. Only 17% are running containers only on-premises, a drop from 31% six months ago. In terms of where containers on public clouds are deployed, AWS has a massive lead at 78%, followed by Microsoft Azure (40%) and Google Cloud Platform (28%).
When it comes to their biggest container security concern, 60% of respondents identified misconfigurations and accidental exposures, up from 54% six months ago. Runtime remains the container lifecycle phase respondents worry about the most (43%), followed by deploy (35%) and build (22%). More than half of respondents deem seven core capabilities as “must-have” features: vulnerability management (75%), compliance (72%), visibility (71%), configuration management (66%), runtime threat detection (63%), network segmentation (60%) and risk profiling and prioritization (55%).
A total of 40% identified a lack of investment in container security as their biggest overall concern about their organization’s container strategy, followed by a lack of detailed planning (34%).
About two-thirds of organizations identified DevSecOps or DevOps teams as the groups primarily responsible for operationalizing container security. DevSecOps was the top group at 42% of respondents, followed by security teams at 34% and DevOps teams at 13%.
StackRox CEO Kamal Shah says with the rise of container applications based on open source code, many of the cybersecurity issues that have long-plagued theses projects are being exacerbated. Containers make it easier for developers to build applications faster. However, much of that software can contain vulnerabilities when developers wind up relying on outdated components that have not been updated. Containers, of course, make it easier to rip and replace that code, versus relying on cumbersome patch management processes. However, the DevSecOps processes required to make addressing those vulnerabilities a natural extension of a continuous application development and deployment process are still relatively immature, he notes.
On the plus side, the survey finds that 62% of respondents said container adoption is leading to increased cooperation between developers and cybersecurity teams within their organization. In fact, 45% report they are changing workflows within their organization to achieve that goal.
It’s pretty clear at this point that the rise of Kubernetes and container adoption is forcing e a wide range of longstanding issues within IT organizations. The only real question now isn’t so much whether IT organizations will be modernizing their IT processes, but rather to what degree.