6 Years Later: How Kubernetes Revolutionized How We Use the Cloud
July 15, 2020

Loris Degioanni
Sysdig

Kubernetes had a birthday last month and while it's odd to wish happy birthday to software, I do feel that we need to pay homage. In its six years of "life," Kubernetes has revolutionized how we build, and deliver applications.


When organizations first began the march to the cloud, it was to save time and avoid large capital outlays, but it came at the expense of vendor lock-in. Others stayed away because scaling infrastructure and applications in the cloud was anything but effortless. The introduction of Kubernetes upended what is possible in the cloud, along with conventional roles and processes.

The Benefits of Kubernetes

Kubernetes' emergence over the last six years as the de facto operating system has given companies the gift of speed and agility. Kubernetes has made it easier to create and manage application components based on containers, link services, automate scale and failover, and tear containers once they outlive their usefulness. Developers are realizing new features and applications in days. Before it would take weeks, months, or even years. By making small improvements continually, organizations can speed innovation and reduce risk.

A recent survey from VMware found that 95% of people have seen clear benefits since adopting Kubernetes, with 56% of respondents noting utilization as a top Kubernetes benefit, along with 53% recognizing shorter software development cycles. Additional benefits recognized in the survey include containerizing monolithic applications, enabling a move to the cloud and reducing public cloud costs.

And these advantages are being realized with increased adoption. In December 2019, a survey by the Cloud Native Computing Foundation found that four out of every 10 enterprise companies (companies with 5,000+ employees) were running Kubernetes in production environments. Even more have tiger teams testing Kubernetes in development stages. Since COVID, the number is expected to grow exponentially.

How Kubernetes Adoption is Shifting with COVID

When COVID hit, organizations that use Kubernetes and a DevOps approach were able to quickly adapt customer-facing applications to meet changing requirements. Their teams were able to quickly respond to the new needs, along with the additional scalability requirements. According to a May 13 report from analysts at Gartner, Worldwide IT spending in 2020 is projected to be down 8% from 2019 in response to COVID-forced budget cuts; however, spending on public cloud services is expected to grow 19% this year. A quick Google search will result in dozens of articles outlining how COVID has accelerated adoption.

When Kubernetes is utilized for projects that need to scale, it delivers, which is why we haven't heard of a lot of issues from companies that saw sudden spikes in usage, such as gaming and large delivery services. Properly architected Kubernetes-based applications can handle massive volume, and they can immediately scale when hosted in the public cloud.

However, Kubernetes comes with its own challenges, and adoption requires new processes, tools and a shift in job roles. Operating a cloud-native environment with thousands of hosts and services requires a fundamentally different approach than running a handful of monolithic applications on virtual machines. Containers are black boxes that work well as application building blocks but obstruct visibility for traditional security and monitoring tools. As organizations deploy business-critical applications using Kubernetes, they need to ensure availability, security and compliance.

Securing Kubernetes Requires a "Shift Left" Approach

Until recently, the security team was seen as a "gate," the last stop, and implementing security checks was a manual step before deployment. This is fine when updates are pushed monthly, but when the cadence shifts to weekly or daily, manual security configuration and checks are not feasible. On top of that, if a vulnerability or configuration issue is identified, retroactively addressing it takes time.

Instead, you need to build security checks into the development pipeline, so issues are addressed before the container is deployed in production. By prioritizing security early and creating a shared approach across the security and development teams, you will be able to ship applications faster.
According to the 2019 Accelerate State of DevOps Report, elite DevOp teams, those seeing the most success, automate and integrate tools more frequently into their toolchains. This includes integrating production monitoring and security checks. According to Gartner analysts, "By 2021, DevSecOps practices will be embedded in 60% of rapid development teams, as opposed to 20% in 2019."

What a secure DevOps or DevSecOps approach includes:

1. Scanning for vulnerabilities in the build process: This will help to ensure you are not putting vulnerable code into production and increasing your security risk.

2. Runtime protection: Shifting left will help ensure the container is not deployed with vulnerabilities, but you also need to protect against unknown threats by detecting and preventing anomalous behavior.

3. Continuous compliance validation.: Meeting stringent compliance guidelines, such as GDPR, PCI-DSS and HIPAA can be complex in fast-changing container environments. By mapping regulations and policies to specific controls, you can automate checks during the build and run phases of the software development lifecycle to ensure continual compliance.

4. Security monitoring: In container environments, visibility is a major challenge. You cannot secure what you cannot see. DevOps teams can leverage a single tool for monitoring to identify potential security, performance and availability issues.

5. Incident response and forensics: Capturing a detailed activity audit is critical for responding to alerts and conducting forensics investigations. You need access to detailed container activity records for a single source of truth across DevOps and security teams in order to effectively identify what happened and quickly respond.

In six short years, Kubernetes has moved from being the brainchild of three talented developers looking to create a minimally viable orchestrator to the standard platform for deploying applications in the cloud. The next stage for Kubernetes adoption will focus on maturing DevOps workflows by increasing automation, including addressing visibility and security earlier in the application lifecycle. Now, more than ever, successful companies will be defined by their ability to use Kubernetes and cloud to accelerate innovation for competitive advantage.

Loris Degioanni is CTO and Founder of Sysdig
Share this

Industry News

November 24, 2020

Red Hat announced new capabilities and features for Red Hat OpenShift, the company's enterprise Kubernetes platform.

November 24, 2020

Sectigo released Chef, Jenkins, JetStack Cert-Manager, Puppet, and SaltStack integrations for its certificate management platform.

November 24, 2020

DataStax released K8ssandra, an open-source distribution of Apache Cassandra on Kubernetes.

November 23, 2020

Spectro Cloud has released a new, self-hosted version of its flagship product, Spectro Cloud.

November 23, 2020

GitLab completed integration of Peach Tech, a security software firm specializing in protocol fuzz testing and dynamic application security testing (DAST) API testing, and Fuzzit, a continuous fuzz testing solution providing coverage-guided testing.

November 23, 2020

Fugue announced the availability of its SaaS product in AWS Marketplace, further simplifying the process for Amazon Web Services customers to use Fugue to bring their environments into compliance quickly, demonstrate compliance at any time, and Shift Left on cloud security.

November 19, 2020

Rollbar announced AI-assisted workflows powered by its new automation-grade grouping engine.

November 19, 2020

Buildkite expanded its integration with GitHub and introduced a new onboarding experience.

November 19, 2020

Rancher Labs launched a new Partner Program for the OEM and embedded community.

November 18, 2020

Puppet announced its evolution to an integrated automation platform to enable key business initiatives such as scaling DevOps, risk reduction, policy as code, and evolving cloud strategies.

November 18, 2020

Adaptavist has joined the GitLab partner program as a Select partner.

November 18, 2020

Postman launched the beta version of public workspaces, a hub that makes it possible for both API producers and consumers to seamlessly communicate and collaborate in real time without team or organizational boundaries.

November 17, 2020

Red Hat introduced new capabilities for Red Hat Enterprise Linux and Red Hat OpenShift intended to help enterprises bring edge computing into hybrid cloud deployments.

November 17, 2020

Humio announced the availability of the Humio Operator.

November 17, 2020

Accurics announced that Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code (IaC), has been extended to support Helm and Kustomize.