Facing the Security Challenges of Cloud-Native Applications
June 14, 2022

Growth in cloud-native workloads surged with the rapid digitalization caused by the pandemic and the need for more agile, powerful development tools. By 2025, Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021.

Three-quarters (75%) of companies are focusing development on cloud-native applications, according to the The State of Cloud-Native Security report from Tigera.

The increased development and deployment of cloud-native applications also creates the need for more advanced observability and security capabilities.

"Organizations are only just beginning to unlock the potential of cloud-native applications," said Ratan Tipirneni, President and CEO, Tigera. "At the same time, however, these unprecedented innovations have created unforeseen challenges–evidenced by the majority of IT professionals naming security as a top challenge when it comes to cloud-native application deployment cycles."

Cloud-native applications are gaining momentum but also present security, compliance, and observability issues:

■ 97% of companies reported observability challenges with cloud-native applications.

■ 96% of companies said that cloud-native application challenges are leading to slower deployment cycles, with 67% naming security as the top challenge.

■ 69% of companies identified container-level firewalls (IPS/IDS, WAF, DDoS, DPI, etc.) as the top need for network security for cloud-native applications.

■ 76% of organizations need runtime visualization for cloud-native applications.

Organizations require security solutions for runtime, access, and networking for containers:

■ 99% of companies indicated containers require access to other applications and services.

■ 98% need container security, with runtime security topping the list.

■ 99% of companies require network security for containerized applications.

Cloud-native and container compliance requirements are driving delays and challenges for organizations:

■ 87% of companies said meeting compliance requirements is critical for their company, and 84% of respondents said that meeting compliance requirements for cloud-native applications is challenging.

■ 95% said they have compliance requirements for cloud-native applications.

■ 63% of companies must provide container-level information for compliance requirements.

■ 90% said audit reports are challenging to produce.

Adopting tools that increase visibility and provide security at the container, application, and network levels can help enterprises address cloud-native security, including threat prevention by reducing the application attack surface; threat detection by monitoring for both known and unknown threats; and threat mitigation by quickly resolving risks from exposure. These tools remove barriers and delays during development and deployment while also reducing the risk of delayed time to market, security vulnerabilities, and compliance violations.

Methodology: The report yielded responses from 304 security and IT professionals globally (those with direct container responsibilities).

Share this

Industry News

June 27, 2022

Delinea announced the latest release of DevOps Secrets Vault.

June 27, 2022

Jit announced a $38.5 million seed funding round and launched a free beta version which automates product security.

June 27, 2022

Platform.sh raised $140 million in Series D funding.

June 23, 2022

Akana by Perforce now offers BlazeMeter to customers, previously a solution with Broadcom Layer7.

June 23, 2022

Coder announced the release of a new open source project that gives developers and data scientists a consistent, secure, yet flexible way to create cloud workspaces in minutes.

June 23, 2022

GitGuardian is announcing a series of new features to address developer experience in securing the software development lifecycle.

June 22, 2022

OctoML released a major platform expansion to accelerate the development of AI-powered applications by eliminating bottlenecks in machine learning deployment.

June 22, 2022

Snow Software announced new functionality and integrations for Snow Atlas, a purpose-built platform that provides a framework to accelerate data-driven technology decision-making.

June 22, 2022

Traefik Labs launched Traefik Hub, a new cloud service that eliminates the complexity of management and automation of Kubernetes and Docker networking at scale.

June 21, 2022

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the new Open Programmable Infrastructure (OPI) Project.

June 21, 2022

Docker announced the acquisition of Atomist, a company founded to improve developer productivity and keep cloud native applications safe.

June 21, 2022

SmartBear released BitBar, an all-in-one web and native mobile app testing solution.

June 16, 2022

Armory announced general availability of Armory Continuous Deployment-as-a-Service.

June 16, 2022

Infragistics announced the launch of App Builder On-Prem.

June 16, 2022

LambdaTest launched Test-at-Scale (TAS), a test intelligence and observability platform, to help development teams with shift-left testing.