While it’s come a long way over the past year, Kubernetes security has not yet reached maturity. But judging from the level of investment in 2021 into technologies for securing Kubernetes, the now-dominant container orchestration platform, enterprises can expect major advancements in the area during the coming year.
Originally launched as an open source project by Google in 2014 and now under the domain of the Cloud Native Computing Foundation, Kubernetes automates numerous processes involved in the management and deployment of containerized applications. Developers have increasingly gravitated to the platform, which helps to support a modern approach to application development using a microservices architecture.
Key questions
However, when it comes to securing Kubernetes, a new set of challenges emerges. With Kubernetes, “it’s really difficult to divorce the code development and the application development from the underlying architecture,” said Frank Dickson, program vice president for security and trust at IDC.
In other words, the best way to secure Kubernetes is by going back and fixing base code when vulnerabilities are detected. This is a big part of why the concept of “shift left,” or moving security to the start of the application development process, has become such a theme in the application security space, Dickson said.
The fact that “shift left” has caught on suggests that big strides can now be made in terms of Kubernetes security, he told VentureBeat. Getting companies to understand that securing containerized apps will involve bringing security earlier into the app development lifecycle is a vital step.
“We don’t yet know all the answers to the problem,” Dickson said. “But we’ve finally started to grasp the questions.”
Growing usage
A survey by the Cloud Native Computing Foundation found that 83% of respondents were using Kubernetes in production in 2020, up from 78% the previous year and 58% in 2018. But that’s made the platform a tempting target for cyber attackers: A survey by Red Hat in June found that 94% of respondents had suffered a Kubernetes security incident over the previous 12 months.
“When we ran everything on a Windows box or a Linux box, we could get into the machine and do whatever we needed to do. Containers don’t work like that,” said George Burns, senior advisor for cloud operations at SPR. “If we don’t give them instructions for security, they don’t have any. Kubernetes itself is an incredible tool. But the way it handles some security is not the best.”
Thus, in many ways, the innovation engines around Kubernetes security are just getting revved up now.
While securing traditional applications follows “very established processes, securing containers doesn’t,” Burns said. “A lot of the innovation that we will see over the next several cycles will be regarding container security.”
Scaling up
At Aqua Security, a vendor that has specialized in container security since its launch in 2015, the past year has seen both increased Kubernetes security adoption as well as “a shift in the scale of the projects that are being deployed into Kubernetes,” said CEO Dror Davidoff.
The company is one of many in the Kubernetes security space that raised major rounds of funding in 2021, with its $135 million series E round at a $1 billion valuation in March.
Others include Snyk, which raised a $530 million series F round at an $8.5 billion valuation in September; Wiz, which raised a $250 million series C round at a $6 billion valuation in October; Orca Security, which extended its series C round to $550 million at a $1.8 billion valuation in October; Lacework, which raised $1.3 billion in November at an $8.3 billion valuation; and Sysdig, which raised a $350 million series G round at a $2.5 billion valuation in December.
Innovation push
Earlier-stage companies working in the Kubernetes security space include Armo, which has seen more than 20,000 downloads for its open-source tool Kubescape. The tool allows developers to immediately scan Kubernetes environments for misconfigurations and vulnerabilities. Armo came out of stealth with $4.5 million in seed funding in January.
In Kubernetes security, “we’ve got a number of companies that are coming to bring new and innovative technologies,” Dickson said. “So we’re not just doing what we once did. We’re now starting to use some really elegant new approaches.”
Companies such as Orca Security and Wiz are leveraging block storage in the cloud to be able to take a snapshot of Kubernetes clusters and then analyze them, without the need for an agent, he said. Other examples include a Linux technology called eBPF, which allows the Linux kernel to be more programmable, enhancing security for Kubernetes environments, he said.
“What we’re starting to see is a bunch of new technologies being applied to securing Kubernetes,” Dickson said.
Meanwhile, publicly traded security companies including Check Point, Palo Alto Networks, and Qualys told VentureBeat they’ve been doubling down on the addition of Kubernetes security capabilities in 2021. In June, for instance, Check Point announced the expansion of its CloudGuard workload security platform to include container security, with capabilities including a “shift-left” tool to secure container and serverless functions prior to deployment.
A huge opportunity
Despite the new challenges with securing Kubernetes, containers do have potential security advantages thanks to their “code-based” approach, said Qualys CEO Sumedh Thakar. That affords companies “opportunities to do security better than in a traditional environment” through methods such as infrastructure as code (IaC) scanning, Thakar said.
“That’s really the exciting part of cloud and container: that we have opportunities to reduce our risk earlier and earlier in the ‘shift left’ environment,” he said.
The bottom line with Kubernetes security, Dickson said, is that “we’re not necessarily mature. You could say that we’re in our adolescence.”
“As these new technologies are coming into our Kubernetes security solutions, we have to figure out what they are, and then we have to integrate them into our application development processes,” he said. “And so it’s going to take some time to figure out how we integrate all these into a workflow that doesn’t slow down application development.”
