Solo.io is donating its open source API Gateway, Gloo Gateway, to the Cloud Native Computing Foundation (CNCF) to further its mission of building a complete omni-gateway connectivity solution.
Facing the Security Challenges of Cloud-Native Applications
June 14, 2022
Growth in cloud-native workloads surged with the rapid digitalization caused by the pandemic and the need for more agile, powerful development tools. By 2025, Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021.
Three-quarters (75%) of companies are focusing development on cloud-native applications, according to the The State of Cloud-Native Security report from Tigera.
The increased development and deployment of cloud-native applications also creates the need for more advanced observability and security capabilities.
"Organizations are only just beginning to unlock the potential of cloud-native applications," said Ratan Tipirneni, President and CEO, Tigera. "At the same time, however, these unprecedented innovations have created unforeseen challenges–evidenced by the majority of IT professionals naming security as a top challenge when it comes to cloud-native application deployment cycles."
Cloud-native applications are gaining momentum but also present security, compliance, and observability issues:
■ 97% of companies reported observability challenges with cloud-native applications.
■ 96% of companies said that cloud-native application challenges are leading to slower deployment cycles, with 67% naming security as the top challenge.
■ 69% of companies identified container-level firewalls (IPS/IDS, WAF, DDoS, DPI, etc.) as the top need for network security for cloud-native applications.
■ 76% of organizations need runtime visualization for cloud-native applications.
Organizations require security solutions for runtime, access, and networking for containers:
■ 99% of companies indicated containers require access to other applications and services.
■ 98% need container security, with runtime security topping the list.
■ 99% of companies require network security for containerized applications.
Cloud-native and container compliance requirements are driving delays and challenges for organizations:
■ 87% of companies said meeting compliance requirements is critical for their company, and 84% of respondents said that meeting compliance requirements for cloud-native applications is challenging.
■ 95% said they have compliance requirements for cloud-native applications.
■ 63% of companies must provide container-level information for compliance requirements.
■ 90% said audit reports are challenging to produce.
Adopting tools that increase visibility and provide security at the container, application, and network levels can help enterprises address cloud-native security, including threat prevention by reducing the application attack surface; threat detection by monitoring for both known and unknown threats; and threat mitigation by quickly resolving risks from exposure. These tools remove barriers and delays during development and deployment while also reducing the risk of delayed time to market, security vulnerabilities, and compliance violations.
Methodology: The report yielded responses from 304 security and IT professionals globally (those with direct container responsibilities).
Industry News
November 14, 2024
LaunchDarkly announced a new approach to software delivery—Guarded Releases—that empowers organizations to ship with confidence and manage risk proactively.
November 14, 2024
Diagrid announced details of the upcoming release of Dapr 1.15, a Cloud Native Computing Foundation project maintained by Diagrid, Microsoft, Intel, Alibaba, and others.
November 14, 2024
Fermyon™ Technologies announced the release of Spin 3.0, enabling enterprises to quickly move toward more sophisticated production applications based on WebAssembly (Wasm).
November 13, 2024
Mirantis announced Mirantis Kubernetes Engine (MKE) 4, the latest evolution in its long-established product line that sets the standard for secure enterprise Kubernetes.
November 13, 2024
Cequence Security announced the launch of its new API Security Assessment Services.
November 13, 2024
Pulumi announced improvements including major updates to the EKS provider supporting Amazon Linux 2023 and Security Groups for pods, the release of Pulumi Kubernetes Operator 2.0 with dedicated workspace pods, Pulumi ESC integration with External Secrets Operator, and a new Kubernetes-native deployment agent for enhanced security and scalability.
November 13, 2024
Loft Labs announced the public beta of vCluster Cloud, a managed solution that simplifies and reduces the costs of Kubernetes clusters.
November 13, 2024
DevZero announced DXI (Developer Experience Index), an initiative aimed at transforming developer productivity by unifying engineering throughput and operational metrics.
November 13, 2024
Horizon3.ai announced the release of NodeZero™ Kubernetes Pentesting, a new capability available to all NodeZero users.
November 13, 2024
The CNCF Technical Oversight Committee (TOC) has voted to accept wasmCloud as a CNCF incubating project.
November 12, 2024
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of Dapr.
November 12, 2024
NetApp announced an expanded collaboration with Red Hat to offer new solutions to streamline and accelerate enterprise application development and management in virtual environments.
November 12, 2024
Akamai Technologies announced the Akamai App Platform, a ready-to-run solution that makes it easy to deploy, manage, and scale highly distributed applications.
November 12, 2024
Snyk has acquired Probely, a modern Dynamic Application Security Testing (DAST) provider based in Porto, Portugal, with coverage of API security testing and web applications.
