More than two-thirds (67%) of DevOps professionals have actively “slowed down” cloud native adoption due to lingering security concerns, according to a study from Red Hat.
The report from Red Hat, based on a survey of 600 DevOps, engineering, and security professionals globally, highlighted security-related concerns as a key barrier to the adoption of cloud native technologies such as Kubernetes.
More than one-third (38%) of respondents said that they don’t believe cloud native security is “taken seriously” enough and that security investment is inadequate.
These security concerns represent a long-running theme in the cloud native space, Red Hat’s report noted.
Over the past several years, adoption rates have grown rapidly amid a marked increase in cloud native technologies and heightened interest among large enterprises.
But this growth rate is a key factor in why security concerns continue to loom heavy on the minds of engineers and security professionals, according to Fevzi Konduk, head of ecosystem market incubation at Red Hat.
RELATED RESOURCE
Prioritize Zero Trust for better cloud security
Working together to enable a Zero Trust approach
Speaking to ITPro at KubeCon in Amsterdam, Konduk said that the rapid evolution of cloud native technologies and the relative immaturity in the space are proving a key barrier to operational alignment and presenting dynamic security considerations.
“Because the technology is evolving so fast, especially around cloud native workloads and the architecture and technology that drives that, behaviors change quite drastically,” he said.
“This is not a saturated market, or a market that’s reached complete maturity yet,” Konduk added. “It’s still evolving and this is an underlying reason why there are significant security issues.”
Rapid development causing security headaches
A main driver of the uptake in cloud native technologies is the agility it provides to enterprises, the Red Hat study noted.
“Faster time to market, adaptability, and reliability are all benefits of cloud native technologies and key drivers for enterprises to digitally transform their IT infrastructure,” the report said.
However, Konduk said that because developers “are full speed ahead”, other functions within the enterprise are struggling to understand or accommodate for rapid rollout of cloud native technologies.
“The developers want to develop as fast as possible and have flexibility, but operations can’t always come up to speed and fully understand what they’re operating or consider potential security issues,” he said.
“That’s why we talk about DevOps to try and bring this together. But it also means a major fundamental change in the process of how you do development and handle potential security scenarios,” he added.
Greater engagement between DevOps teams and the security function was highlighted as a key necessity for organizations continuing to steam ahead with cloud native technology development, Konduk said.
Recent research from Palo Alto Networks found that this closer relationship between vital functions is improving somewhat.
Its 2023 State of Cloud Native Security report found that many companies are “encouraging a deeper level of engagement between application developers and security tools and teams”.
81% of respondents said that they have embedded security professionals within their DevOps teams and have witnessed a marked improvement in their ability to identify security issues that might have previously gone unnoticed.
Security failures cause significant business impact
Failing to adequately address potential security concerns can have a significant impact on businesses, the study found.
37% of respondents identified revenue and/or customer loss due to a container or Kubernetes security incident.
“These incidents could result in the delay of critical projects or product releases, as businesses must prioritize security efforts to address the vulnerabilities that were missed in the development stage,” the report said.
This delay could have a major long-term “ripple effect” on the business, resulting in further lost revenue, customer dissatisfaction or potential loss of market share to competitors.
“Those types of occurrences can also erode customer trust,” the study added.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Walking the line: GitOps and Shift Left securityWhitepaper Scalable, developer-centric supply chain security solutions
-
IBM LinuxONE for dummiesWhitepaper Secure your data, build an open hybrid cloud environment, and realise the cost benefits of consolidation
-
Bridging the DevSecOps divide: Spotlight on zero trustWhitepaper Security at the forefront
-
70% of IT workers skip key security steps due to work pressuresNews Report finds that a fifth of DevOps and security professionals have considered quitting their jobs due to stress
-
GitLab patches API flaw that exposed private group dataNews GitLab private projects that were formerly public could have been accessed through search APIs
-
What is DevSecOps and why is it important?In-depth This new flavour of DevOps is helping organisations rapidly implement security by design
-
The journey of security in a DevOps environmentWhitepaper “Shift left” to fit security into the DevOps environment
-
GitHub now warns you about flaws affecting your Python codeNews Code repository will also offer admins fixes from the developer community
