Compliance Requirements Reportedly Slow Cloud-Native, Container Initiatives
Cloud-native initiatives in the enterprise -- already plagued by the ever-present skills dearth -- are further slowed by compliance requirements, a new report claims.
"We are pleased to see that many companies are focusing development on cloud-native applications; however, the report highlights that with cloud-native adoption comes a slew of new requirements and challenges that are driving delays," says the introduction to the first-ever "State of Cloud Native Security" report from Tigera, which specializes in Zero Trust-based security for cloud-native applications running on containers and Kubernetes.
The company commissioned Dimensional Research to poll 304 global global security and IT professionals with direct container responsibilities in organizations with 10 or more employees. The report has three main focus points: cloud-native applications; containers; and compliance.
Data highlights of the report that back up the compliance conundrum include:
- 87 percent of companies said meeting compliance requirements is critical for their company, and 84 percent of respondents said that meeting compliance requirements for cloud-native applications is challenging
- 95 percent said they have compliance requirements for cloud-native applications
- 63 percent of companies must provide container-level information for compliance requirements
- 90 percent said audit reports are challenging to produce
In the report's container section, the aforementioned skills dearth is once again front and center. The report noted that container adoption can be fraught with complexities in regard to development, configuration, compliance and security in both build and runtime stages. In that context, when asked "What are the biggest barriers for container adoption in your organization?" the top answer was once again "Lack of skilled resources."
The continuing challenge of finding skilled specialists is reflected in many other reports we have covered, including:
Besides the skills/talent challenge, the report noted that containers require security solutions for runtime, access and networking, backed up with these data points:
- 99 percent of companies indicate containers require access to other applications and services
- 98 percent need container security, with runtime security topping the list
- 99 percent of companies require network security for containerized applications
Highlights of the cloud-native section, meanwhile include:
- 75 percent of companies are focusing development on cloud-native applications
- Security and compliance requirements slow cloud-native application development
- Container-level firewalls and workload access controls top security needs for cloud-native applications
- 97 percent of companies report observability challenges with cloud-native applications
- 76 percent need runtime visualization for cloud-native applications
"According to our report, the move to cloud-native applications has strong momentum, but companies need tools to increase visibility and provide security at the container, application, and network levels. These tools need to remove barriers and delays during development and deployment, while also reducing the risk from delayed time to market, security vulnerabilities, and compliance violations," Tigera concluded while offering these recommendations:
- Threat prevention: Reduce application attack surface with Zero Trust
- Threat detection: Monitor for both known and unknown vulnerabilities and malware
- Threat mitigation: Mitigate risks from exposure
Specific techniques for implementing all three of those recommendations can be found in the report, which notes that Tigera's Cloud-Native Application Protection Platform (CNAPP) prevents, detects, troubleshoots and automatically mitigates exposure risks of security issues in build, deploy and runtime stages.
David Ramel is an editor and writer for Converge360.