Kubernetes security will take another big leap in 2022, as companies focus on cloud-native, container-based approaches to app development.
While it’s come a long way over the past year, Kubernetes security has not yet reached maturity. But judging from the level of investment in 2021 into technologies for securing Kubernetes—the now-dominant container orchestration platform—enterprises can expect major advancements in the area during the coming year. Originally launched as an open source project by Google in 2014 and now under the domain of the Cloud Native Computing Foundation, Kubernetes automates numerous processes involved in management and deployment of containerized applications. Developers have increasingly gravitated to the platform, which helps to support a modern approach to application development using a microservices architecture. Still, when it comes to securing Kubernetes, a new set of challenges emerge. With Kubernetes, “it’s really difficult to divorce the code development and the application development from the underlying architecture,” said Frank Dickson, program vice president for security and trust at IDC. In other words, the best way to secure Kubernetes is by going back and fixing base code when vulnerabilities are detected. This is a big part of why the concept of “ shift left “—or moving security to the start of the application development process—has become such a theme in the application security space, Dickson said. The fact that “shift left” has caught on suggests that big strides can now be made in terms of Kubernetes security, he told VentureBeat. Getting companies to grasp that securing containerized apps will involve bringing security earlier into the app development lifecycle is a crucial step. “We don’t yet know all the answers to the problem,” Dickson said. “But we’ve finally started to understand the questions.” A survey by the Cloud Native Computing Foundation found that 83% of respondents were using Kubernetes in production in 2020, up from 78% the previous year and 58% in 2018. But that’s made the platform a tempting target for cyber attackers: A survey by Red Hat in June found that 94% of respondents had suffered a Kubernetes security incident over the previous 12 months.
