Cloud Security

A recent study released by Canonical reveals that cloud native security has yet to be mastered by IT professionals.  Only 13.5% of IT pros surveyed have mastered security in the cloud native space.  The study also shows the goals, benefits and challenges of cloud-native technologies.  The study asked about the use of Kubernetes, bare metal, VMs, containers, and serverless applications.

At a first glance the survey reveals that Kubernetes and cloud native technologies unlock innovation for organizations and allow them to achieve their goals, while the benefits of cloud native technologies vary.  For the cloud it depends on the usage and maturity of the organizations employing the cloud.  The top benefits identified so far are elasticity and agility, as well as resource optimization and reduced service costs.

Security is found to be the most important consideration.

A majority of IT pros (83%) use hybrid or multi-cloud and in the last year alone, those who did not use hybrid or multi-cloud dropped from 22.4% to 16.4%.  Experts provided their two cents on the use of hybrid or multi-cloud.

Tim Hockin, principal software engineer at Google, finds that businesses use each environment for just the thing they need and that it is not a giant mesh of applications and clouds running all the time.

Mark Shuttleworth, CEO of Canonical, shares that having one automated private cloud, plus at least two public cloud providers is ideal for the work that medium and large institutions have to fulfill.

Another interesting data point from the survey is that 14% of IT pros run everything on Kubernetes; over 20% run everything on bare metal and VMs; and over 29% use a combination of bare metal, VMs, and Kubernetes.  The reason for these numbers is that Kubernetes is very flexible and gives organizations the opportunity to run the same type of workloads everywhere.

Alexis Richardson, CEO Weaveworks, hypothesizes that Kubernetes would be picked over bare metal if more organizations knew about the option.  On the other hand, Kelsey Hightower stated last year that she sees bare metal as the better choice for compute and resource-heavy use cases.

When it comes to security, 38% of IT pros say it is the most important consideration.  It doesn’t matter if you are operating Kubernetes, building container images, or defining an edge strategy.  In all cases, solving security issues is a definite best practice.

Unfortunately, as principal architect at Microsoft (Jose Miguel Parrella) points out, security is not embedded within the IT infrastructure strategy as one could expect it to be.  The conversation of Kubernetes takes place with a small team every 30 days or more. IT pros don’t have mastery over security in the cloud native space, as you may recall it is only 13.5% that the survey finds have mastered this space.  Organizations have room for growth when it comes to adopting and managing Kubernetes in production.

To close the survey findings, it finds that nearly 50% of organizations report lacking the in-house skills and having limited manpower as the biggest obstacles to migrating to or using Kubernetes and containers.  Ken Sipe, senior enterprise architect and co-chair of the Operator SDK, comments on this data point.  He says that without the people an organization can’t put the infrastructure in place even though they’re ready.  Also, the difference between buy and build is important.  When you buy you can use the solution and services that support your usage of it.  When it’s in-house you are building from inside, so you handle everything within the organization.

If there’s anything you need to support your cloud security reach out for a free consultation with one of our experts here: https://calendly.com/ncxgroup

 

 

Photo courtesy of Maksim Kabakou