“Full speed ahead” mentality in cloud native space causing security headaches

Red Hat Logo pictured at KubeCon 2023 in Amsterdam
(Image credit: Ross Kelly, IT Pro)

More than two-thirds (67%) of DevOps professionals have actively “slowed down” cloud native adoption due to lingering security concerns, according to a study from Red Hat. 

The report from Red Hat, based on a survey of 600 DevOps, engineering, and security professionals globally, highlighted security-related concerns as a key barrier to the adoption of cloud native technologies such as Kubernetes. 

More than one-third (38%) of respondents said that they don’t believe cloud native security is “taken seriously” enough and that security investment is inadequate. 

These security concerns represent a long-running theme in the cloud native space, Red Hat’s report noted. 

Over the past several years, adoption rates have grown rapidly amid a marked increase in cloud native technologies and heightened interest among large enterprises. 

But this growth rate is a key factor in why security concerns continue to loom heavy on the minds of engineers and security professionals, according to Fevzi Konduk, head of ecosystem market incubation at Red Hat. 

RELATED RESOURCE

Blue whitepaper cover with title

(Image credit: TrendMicro)

Prioritize Zero Trust for better cloud security

Working together to enable a Zero Trust approach

DOWNLOAD FOR FREE

Speaking to ITPro at KubeCon in Amsterdam, Konduk said that the rapid evolution of cloud native technologies and the relative immaturity in the space are proving a key barrier to operational alignment and presenting dynamic security considerations.  

“Because the technology is evolving so fast, especially around cloud native workloads and the architecture and technology that drives that, behaviors change quite drastically,” he said. 

“This is not a saturated market, or a market that’s reached complete maturity yet,” Konduk added. “It’s still evolving and this is an underlying reason why there are significant security issues.”

Rapid development causing security headaches

A main driver of the uptake in cloud native technologies is the agility it provides to enterprises, the Red Hat study noted. 

“Faster time to market, adaptability, and reliability are all benefits of cloud native technologies and key drivers for enterprises to digitally transform their IT infrastructure,” the report said. 

However, Konduk said that because developers “are full speed ahead”, other functions within the enterprise are struggling to understand or accommodate for rapid rollout of cloud native technologies.

“The developers want to develop as fast as possible and have flexibility, but operations can’t always come up to speed and fully understand what they’re operating or consider potential security issues,” he said. 

“That’s why we talk about DevOps to try and bring this together. But it also means a major fundamental change in the process of how you do development and handle potential security scenarios,” he added. 

Greater engagement between DevOps teams and the security function was highlighted as a key necessity for organizations continuing to steam ahead with cloud native technology development, Konduk said. 

Recent research from Palo Alto Networks found that this closer relationship between vital functions is improving somewhat. 

Its 2023 State of Cloud Native Security report found that many companies are “encouraging a deeper level of engagement between application developers and security tools and teams”. 

81% of respondents said that they have embedded security professionals within their DevOps teams and have witnessed a marked improvement in their ability to identify security issues that might have previously gone unnoticed. 

Security failures cause significant business impact

Failing to adequately address potential security concerns can have a significant impact on businesses, the study found. 

37% of respondents identified revenue and/or customer loss due to a container or Kubernetes security incident. 

“These incidents could result in the delay of critical projects or product releases, as businesses must prioritize security efforts to address the vulnerabilities that were missed in the development stage,” the report said. 

This delay could have a major long-term “ripple effect” on the business, resulting in further lost revenue, customer dissatisfaction or potential loss of market share to competitors. 

“Those types of occurrences can also erode customer trust,” the study added.

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.