By Fei Huang, Chief Strategy Officer and co-founder, NeuVector
We made it! We’re halfway through 2020 and we’ve all adjusted to a new way of working. In the technology world, based on what we see, the migration to Cloud Computing isn’t slowing down. In fact, some verticals are accelerating cloud adoption. A cloud infrastructure is the solution of choice to support a global remote workforce, whether they’re in their homes or far-flung locations. Cloud workloads are more and more distributed and scale to every corner of the internet to service the business.
O’Reilly’s recent Radar survey, Cloud Adoption in 2020, shows that the cloud adoption rate has reached 88% in the enterprise and 17% of large organizations (over 10,000 employees) have already moved 100% of their applications to the cloud. Even though the survey was conducted pre-COVID19 pandemic, our recent conversations with customers and prospects validate the accuracy of the results.
One question in particular sparked my interest:
“What skills does your team or organization need to better migrate and implement cloud-based infrastructure?”
Six of the top ten responses relate to containers and security and are fairly equally weighted in importance. After “General cloud knowledge”, Containers, Kubernetes and Microservices infrastructure are the highest priority skills. This makes sense. We see many customers moving quickly to these new architectures to create DevOps teams and speed delivery. And yet, the technology is still fairly new so many existing team members do not have deep domain expertise and the ability to extend security skills to cloud deployments.
As a container security company, it is reassuring to see that organizations are also prioritizing security as evidenced by the inclusion of “Cloud-based security”, “Cloud-based regulatory compliance” and “Monitoring” which all roll up under the larger security umbrella.
Concern about cloud security is not new. Even for the most experienced security professionals, the sheer number of moving parts makes Cloud security a challenge: identity authorization and authentication, access control, external interfaces, compliance checks, monitoring, configuration hardening, runtime attacks, segmentation, firewalls, abnormal behavior, security events and logs, policy management, insider attacks, encryption, crypto-mining, threats, zero-days and so on…
Cloud security is complicated, but that doesn’t mean it needs to be hard. With new technologies, security can be fully automated with intelligence, including in container and Kubernetes environments. The CI/CD pipeline, the repository and registry, application images, pre-production and production environments, running service instances, customers’ sensitive data…the full life cycle of containers and applications can all be protected by new security platforms that incorporate sophisticated automation. Security policy as code enables a new level of protection that ensures speed, security, and compliance throughout the container lifecycle.
When you migrate to the cloud, whether public or private, especially when deploying containers or Kubernetes, security is a vital component. Software can fill some of the skill gaps you may have. NeuVector is a pioneer in full lifecycle container security, delivering not only complete vulnerability management, but critical security for containers running in production that prevents unknown attacks from internal and external sources.
“NeuVector is the strongest player in Kubernetes security market, giving us the ability to both monitor and visualize the network traffic we’re generating, plus a complete static analysis offering for our container base layers. By using NeuVector’s end-to-end container security solution, I’m confident that we’re detecting attacks from both malicious containers containing injected vulnerabilities and from more traditional instrusion vectors. I sleep just a bit easier knowing these kinds of threats will be automatically detected and addressed. With NeuVector in our security quiver, we can confidently tell our customers that the Element Platform is secure against bad actors.”
Sean McCormick, Vice President of Engineering, Element Analytics