A quick look at headlines emanating from this year’s sold out KubeCon + CloudNativeCon Europe underlines the fact that Kubernetes security has risen to the fore among practitioners and vendors alike.
As is typically the case with our favorite technologies, we’ve reached that point where people are determined to ensure security measures aren’t “tacked on after the fact” as related to the wildly-popular container orchestration system. The notion is that this kind of focus often doesn’t occur until after some headline-stealing security incident shines a light on an area of unfortunate oversight.
Here’s the reality: the need to keep Kubernetes security top of mind is nothing new, as core security components of the open source project have been emerging from the community since at least 2017. This was a scant two years after its public introduction, and contributors were actually developing these capabilities since roughly Day One. It does seem we’ve reached a new height in K8s security buzz, though, as new projects and products arrive all the time to help users protect their Kubernetes environments.
And this isn’t just vendor hype. Our newly-published 2023 DevOps Pulse Report, based on around 500 survey responses from personas ranging from developers to SREs, and beyond, found that many are intent, and often struggling, to engage Kubernetes observability and security practices. Almost 50% of respondents cited Kubernetes as their main obstacle to gaining full observability into their environment, full stop, and roughly 50% indicated Kubernetes security is the most difficult component of running the technology in production.
As it specifically relates to aligning their related monitoring, investigation and troubleshooting practices, some 80% of respondents highlighted that they either currently maintain or plan to implement a unified model for observability and security monitoring. So there you have it, I’d say that this all adds up to a noteworthy trend.
From a product and platform perspective, we here at Logz.io are always asking our customers what they need next, and so it’s no surprise Kubernetes security is a critical focus area. Since the introduction of our Kubernetes 360 solution in late 2022, we’ve been heads down refining and extending this unified observability capability. Now, we’ve got exciting news to share.
As part of the KubeCon + CloudNativeCon EU event, we’re introducing the addition of security and vulnerability scanning to Kubernetes 360 as we seek to make the capability even more useful and powerful. Delivered via integration with Aqua Security’s open source-based Aqua Trivy vulnerability and misconfiguration scanning solution, this capability will now allow Logz.io Open 360™ platform users to quickly identify and resolve potential security issues introduced into their Kubernetes environments.
Trivy specifically scans for problematic open source software packages and dependencies, infrastructure-as-code issues and misconfigurations, and Common Vulnerabilities and Exposures (CVEs). By integrating key security and compliance context into Kubernetes 360 we hope to enable today’s monitoring and observability teams to quickly identify emerging exposures present in their applications and infrastructure to inform related remediation.
Perhaps just as importantly, this expansion of Kubernetes 360 helps address an existing gap in many organizations’ observability practices by providing engineering, DevOps and ITOps teams with crucial information useful for communicating more effectively with their security peers. While we obviously have numerous customers practicing DevSecOps in a focused manner, we see many customers operating observability and security across multiple teams. We think providing this detailed visibility into K8s security can help expedite and improve communication among these stakeholders.
It would seem Kubernetes security is having its moment as a topic and as a sales pitch, and rightly so, as best practices for K8s utilization advance at a furious pace. Hopefully, you’ll agree adding security scanning to our observability platform provides an even more helpful and unified approach.
If you haven’t already done so, sign up for your 30-day free trial of the Logz.io Open 360™ platform today.