Highlights –

  • Nearly 96% of the companies surveyed stated that security, compliance and observability are the most challenging aspects of cloud-native applications.
  • The move toward cloud adoption has gained momentum, but businesses need tools to increase visibility and provide security at the container, application, and network levels.

Tigera, a cloud-native application protection platform (CNAPP) provider and an inventor and maintainer of open-source Calico, announced the release of a new report titled, The State of Cloud-Native Security. The report gives crucial insights from security and IT professionals across the world. It also highlights the key opportunities and challenges enterprises face with containers and cloud-native applications, with a particular focus on security, observability, and compliance.

According to the report, rapid digitalization – spearheaded by the pandemic and the need for more agile, powerful development tools – led to a surge in the growth of cloud-native workloads. Gartner predicts that by 2025, more than 95% of the new digital workloads will be deployed on cloud-native platforms, a 30% increase from 2021.

Tigera’s new report confirmed the same trend and found that 75% of businesses are focusing on the development of cloud-native applications. A spike in the development and deployment of cloud-native applications also calls for the need for more advanced observability and security capabilities.

“Organizations are only just beginning to unlock the potential of cloud-native applications,” said Ratan Tipirneni, president and CEO of Tigera. “At the same time, however, these unprecedented innovations have created unforeseen challenges – evidenced by most IT professionals naming security as a top challenge when it comes to cloud-native application deployment cycles. At Tigera, we’re proud to provide today’s developers, DevOps engineers, platform engineers, and security teams with the solutions they need for full-stack observability for containers, Kubernetes, and cloud, and we are committed to listening to our users and developing products to meet their needs.”

Key Findings of The Survey

The State of Cloud-Native Security report results present a rise in cloud-native development while recognizing the barriers and areas where firms need support as they begin or continue their cloud-native journey.

While cloud-native applications are being adopted quickly, they also present security, compliance, and observability issues.

  • About 97% of firms said they were countering observability challenges with cloud-native applications.
  • Around 96% of the enterprises reported that cloud-native application challenges had slowed deployment cycles, with 67% finding security to be the top challenge.
  • Nearly 69% of the firms recognized container-level firewalls (IPS/IDS, WAF, DDoS, DPI, etc.) as the top need for network security for cloud-native applications.
  • Nearly 76% of organizations need runtime visualization for cloud-native applications.

Organizations need security solutions for runtime, access, and networking for containers.

  • Around 99% of the firms suggested that containers require access to other applications and services.
  • Nearly 98% emphasized the need for container security, with runtime security topping the list.
  • About 99% of the firms felt the need for network security for containerized applications.

Cloud-native and container compliance requirements are leading to delays and challenges for organizations.

  • About 87% of the companies felt that fulfilling compliance requirements are essential for them, and 84% of the respondents said that meeting compliance requirements for cloud-native applications is challenging.
  • Around 95% reported having compliance requirements for cloud-native applications.
  • About 63% of companies must provide container-level information for compliance requirements.
  • Around 90% believe audit reports are challenging to produce.

Cloud-Native Security Solution Adoption in 2022

Enterprises can address cloud-native security by embracing tools that drive more visibility and offer security at the container, application, and network levels. This includes threat mitigation by minimizing the application attack surface, monitoring for both known and unknown threats, and quickly resolving risks from exposure. These tools eliminate barriers and delays during development and deployment. They also minimize the risk of delayed time to market, security vulnerabilities, and compliance violations.

In sync with market needs, Tigera’s recent updates to Calico Cloud offer an end-to-end unified solution for active cloud-native application security across build, deploy, and runtime stages. Calico Cloud is developed for cloud-native architecture, maintaining and running infrastructure-as-code. With its integrated policy engine, Calico Cloud minimizes the risk of exposure by deploying corrective security policies as code that can alert, pause, quarantine, or terminate pods. These native extensions allow security and observability-as-code for easy and consistent enforcement across environments.

Survey Response

Tigera yielded responses from more than 300 security and IT professionals worldwide. The survey throws light on the need and challenges organizations face when it comes to containers and cloud-native applications, specifically in the areas of security, observability, and compliance. Tigera focused on individuals with container responsibilities at companies with 10 or more employees. All respondents had direct container responsibilities.