Facing the Security Challenges of Cloud-Native Applications
June 14, 2022

Growth in cloud-native workloads surged with the rapid digitalization caused by the pandemic and the need for more agile, powerful development tools. By 2025, Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021.

Three-quarters (75%) of companies are focusing development on cloud-native applications, according to the The State of Cloud-Native Security report from Tigera.

The increased development and deployment of cloud-native applications also creates the need for more advanced observability and security capabilities.

"Organizations are only just beginning to unlock the potential of cloud-native applications," said Ratan Tipirneni, President and CEO, Tigera. "At the same time, however, these unprecedented innovations have created unforeseen challenges–evidenced by the majority of IT professionals naming security as a top challenge when it comes to cloud-native application deployment cycles."

Cloud-native applications are gaining momentum but also present security, compliance, and observability issues:

■ 97% of companies reported observability challenges with cloud-native applications.

■ 96% of companies said that cloud-native application challenges are leading to slower deployment cycles, with 67% naming security as the top challenge.

■ 69% of companies identified container-level firewalls (IPS/IDS, WAF, DDoS, DPI, etc.) as the top need for network security for cloud-native applications.

■ 76% of organizations need runtime visualization for cloud-native applications.

Organizations require security solutions for runtime, access, and networking for containers:

■ 99% of companies indicated containers require access to other applications and services.

■ 98% need container security, with runtime security topping the list.

■ 99% of companies require network security for containerized applications.

Cloud-native and container compliance requirements are driving delays and challenges for organizations:

■ 87% of companies said meeting compliance requirements is critical for their company, and 84% of respondents said that meeting compliance requirements for cloud-native applications is challenging.

■ 95% said they have compliance requirements for cloud-native applications.

■ 63% of companies must provide container-level information for compliance requirements.

■ 90% said audit reports are challenging to produce.

Adopting tools that increase visibility and provide security at the container, application, and network levels can help enterprises address cloud-native security, including threat prevention by reducing the application attack surface; threat detection by monitoring for both known and unknown threats; and threat mitigation by quickly resolving risks from exposure. These tools remove barriers and delays during development and deployment while also reducing the risk of delayed time to market, security vulnerabilities, and compliance violations.

Methodology: The report yielded responses from 304 security and IT professionals globally (those with direct container responsibilities).

Share this

Industry News

March 20, 2023

To meet the growing demand for Oracle Container Engine for Kubernetes (OKE) with global organizations, Oracle Cloud Infrastructure (OCI) is introducing new capabilities that can boost the reliability and efficiency of large-scale Kubernetes environments while simplifying operations and reducing costs.

March 20, 2023

Perforce Software joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program and listed its free Enhanced Studio Pack (ESP) in AWS Marketplace.

March 20, 2023

Aembit, an identity platform that lets DevOps and Security teams discover, manage, enforce, and audit access between federated workloads, announced its official launch alongside $16.6M in seed financing from cybersecurity specialist investors Ballistic Ventures and Ten Eleven Ventures.

March 16, 2023

Hyland released Alfresco Content Services 7.0 – a cloud-native content services platform, optimized for content model flexibility and performance at scale.

March 16, 2023

CAST AI has announced the closing of a $20M investment round.

March 15, 2023

Check Point® Software Technologies introduced Infinity Global Services, an all-encompassing security solution that will empower organizations of all sizes to fortify their systems, from cloud to network to endpoint.

March 15, 2023

OpsCruise's Kubernetes and Cloud Service observability platform is certified to run on the Red Hat OpenShift Kubernetes platform.

March 14, 2023

DataOps.live released an update to the DataOps.live platform, delivering productivity for data teams.

March 14, 2023

CoreStack and Zensar announced a strategic global partnership. CoreStack will provide its AI-powered NextGen cloud governance and FinOps capabilities, complementing Zensar’s composable cloud operations offering.

March 14, 2023

Delinea introduced the Delinea Platform, a cloud-native foundation for Delinea's PAM solutions that empowers end-to-end visibility, dynamic privilege controls, and adaptive security.

March 13, 2023

Sysdig announced a new foundation that will serve as the long-term custodian of the Wireshark open source project.

March 13, 2023

Talend announced the latest update to Talend Data Fabric, its end-to-end platform for data discovery, transformation, governance, and sharing.

March 13, 2023

Descope has raised $53M in seed funding and emerged from stealth to launch a frictionless, secure, and developer-friendly authentication and user management platform.

March 09, 2023

Loft Labs announced Loft v3 with new capabilities and flexibility for platform teams to build and enable their development teams with a self-service Kubernetes.

March 09, 2023

AWS Application Composer is now generally available.