Is "Cloud Native Security" Worth Paying For?

September 4, 2024

Written by Michael Coté and Rita Manachi

A version of this article appears in The New Stack.

Securing cloud native environments can be overwhelming, especially if you're building your own stack from the hot-pot bar of the CNCF landscape. You'll fit each of those projects together, making sure you find and follow all the security to do's. Then you customize them to behave however you need - after all, that's why you built a custom stack, right? Then, as each of those projects is updated, or you discover new features you need, you tinker with your platform a bit and need to run through those checklists again. This is all while also making sure you're on versions of every project that are verified to work with each other across the hot-pot bar that you've built!

Hopefully we didn’t trigger anyone with that scenario. It’s just that the cloud native security landscape is complicated and security teams are having a hard time keeping up. Taking on a continuous and integrated security approach can help make this less daunting. As Jurgen Sussner put it in this article:

“Cloud native security is totally different from [sic] traditional enterprise security. Traditionally, security has been a gate someone has to go through on their way to production. Applying this to cloud native would disrupt the continuous delivery and improvement process. Therefore, security has to be part of the pipeline — not just shifted left, but shifted everywhere. Meanwhile, platform engineers need overall visibility of the whole application landscape to see who is affected by what and how to fix it or if it was fixed. That’s why cloud native application protection platforms are gaining importance.”
— Jürgen Sußner

This piece explores the tradeoffs between assembling your own stack and taking on and managing more security risk. Both these things require investments either with time or money or both! So what is worth it?

We asked our friend Whitney Lee what "kubernetes security" means and she shared this talk that demonstrates how intense and encompassing kubernetes security is. Little wonder: Kubernetes' scope is huge, looking to standardize not only the infrastructure layer, but also how applications are architected, run, and managed. There are so many seams, connections, and surfaces that need to be secured in Kubernetes that it all becomes a red string crazy board.

This isn't meant to be FUD, it's just how it is when you build a custom stack. What the crazy board means is that you need to plan for and prioritize security and governance in your platforms across every component within the custom stack. According to the results for this year's State of Cloud Native Platforms survey (formerly State of Kubernetes) people using cloud native platforms get it. This is the fifth year we’ve done this survey and it feels like the best one yet.

Putting your money where your priority is

When it comes to priorities, what people spend money on is one of the best ways to see what actually matters to them. In my decades of working in the tech industry, including as an analyst, security is usually a top three investment priority. Our own research shows the same thing when we asked "in your opinion, which of the following types of tools or capabilities are worth investing in paid support or services?"

Security and compliance aren't the only drivers to use an off-the-shelf (or "off-the-cloud"?) platform, but based on the spending habits above, we theorize that it's an important reason.

Who needs continuous compliance?

Our focus this year was on large companies, with 66% of respondents coming from companies of 5,000 or more employees, 35% with more than 20,000 employees. We also tracked the number of developers in each organization and, of course, industry type. Those demographics are important because they represent organizations functioning in highly regulated industries who need to keep up with changing guidelines and regulations.

By volume, these are typically the organizations with the most software, the most software that needs to be modernized, and the most widely used software. This means that any improvement made in those organization's software will have a huge impact on our daily lives. Think about renewing your driver's license all in an app, ordering your groceries online, or just quickly transferring money to friends after a fancy dinner.

An easy place to start

When it comes to improving software, here's one more look into a finding from the survey: the number one use case people were focusing on was deploying and testing applications in the CI/CD pipeline. This is fantastic since a shocking low amount of organizations have build and test automation in place. Automating your software pipeline not only speeds up release cycles, meaning you have more opportunities to try out new ideas to improve your apps. But, it also gives you more controls for security and governance.

If you want to get a feel for how large organizations are using cloud native app platforms, check out the full survey. You'll get a good sense of the priorities, the struggles, and also the benefits people are getting with cloud native platforms. From what we're seeing in this year's survey, people are focusing on the right things as they look up the stack and focus more and more on their platforms.

Building Custom Container & Helm Chart Catalogs via API with Tanzu Application Catalog

Discover how Tanzu Application Catalog empowers secure OSS use with custom container and Helm chart catalog...

The Power of Hackathons in DevOps Culture

Explore how internal hackathons boost innovation, tackle technical debt, and elevate team morale and learni...

Is "Cloud Native Security" Worth Paying For?

Putting your money where your priority is

Who needs continuous compliance?

An easy place to start

Previous

Next

Is "Cloud Native Security" Worth Paying For?

Putting your money where your priority is

Who needs continuous compliance?

An easy place to start

Previous

Next

Related content in this Stream

As Spring Framework 5.3 support concludes, upgrading to Spring Framework 6 is vital for security and performance. Leverage tools and community resources to navigate this transition seamlessly.

Explore platform engineering with Tanzu for Cloud Foundry: build community, enhance product management, and scale developer support to maximize platform value and innovation.

Discover enhanced VMware Tanzu Knowledge Graph features: explore open source catalogs, assess package vulnerabilities, ensure compliance, and streamline security with new insights and tools.

Explore the Golden Commands—build, bind, deploy, scale—crucial for production paths on Tanzu's Cloud Foundry & Kubernetes. 'Build' is essential for secure, repeatable code production.

Discover how Tanzu Application Catalog empowers secure OSS use with custom container and Helm chart catalogs, offering enhanced vulnerability management and streamlined software transparency.

Explore how internal hackathons boost innovation, tackle technical debt, and elevate team morale and learning, driving better business outcomes in enterprise settings.

At VMware Explore the group announced enhancements to data solutions and improved Kubernetes developer experience

Explore VMware Explore Vegas for the latest product announcements! Tanzu Platform 10 brings new features to Cloud Foundry, building on Tanzu Application Service 6.0, available October 2024.

Discover VMware Tanzu's latest blog on accelerating app delivery and enhancing data solutions with new features in Tanzu Data Solutions, driving efficiency, security, and scalability.

VMware Tanzu Platform seamlessly connects Kubernetes adoption with user experience, unifying infrastructure through centralized tools and cloud-native standards in one comprehensive solution.

Leverage Tanzu Spring's latest innovations for efficient, secure, compliant app dev. enhancements include Spring Application Advisor, Spring Boot Governance Starter, & Spring AI Seamless Integration.

Explore VMware Tanzu AI Solutions' new features for GenAI, tackling AI model management, efficiency, and governance, while boosting intelligent app delivery and observability in Java environments.

Boost Java power with Spring Boot 3.3's Class Data Sharing (CDS)! Enjoy faster startups, lower memory use, and smoother activation with DevXP. Optimize JVM for the digital era!

Explore how VMware Tanzu accelerates app delivery, offering cost savings, flexibility, and enhanced security with a unified platform. Discover the benefits of seamless integration and innovation.

Stay ahead with SpringOne. Learn from our core committers, Spring Engineering team leads, and industry experts from Microsoft, Netflix, and more. Enhance skills, network, and advance your career.

Dive into the insights of the State of Cloud Native Application Platforms 2024 report, where feedback from Tanzu Vanguard members illuminates industry trends.

Discover how the new CloudHealth user experience is aligning with the modern FinOps practitioner to help them throughout the Operate Phase of their FinOps journey.

At Explore 2024, the Tanzu Division of Broadcom will unveil the latest innovations in cloud native computing technologies and patterns that are fueling our customers’ business.

Let's make SpringOne 2024 an unforgettable experience, celebrating the endless possibilities of software development and the incredible tools at our disposal.

The Cloud Foundry Weekly podcast crew and our customers share practical insights on how their organizations run their businesses in this live podcast recording recap.