The market has moved beyond discussing the benefits of Kubernetes or the potential growth. There are solid proofs to substantiate the adoption of Kubernetes because companies across all verticals are convinced about its benefits. Now that we are in the deployment and production phases in the Kubernetes world, people have started realizing some of the gaps that exist in cloud security solutions in the market, causing major unexpected economic impacts.
Most cloud security solutions are not capitalizing on the great advancements that have taken place in the cloud-native deployments. This means the overhead of running these solutions is going to add huge costs to the overall compute and operational costs of the Kubernetes environment – Cluster Economics!
A true cloud-native security approach should take full advantage of the cloud platform and its available controls. However, almost all security solutions add huge overhead by simply cloud-washing their traditional on-prem security stack – adding new control planes and inserting agents in the path. There are fundamental issues with that approach. Security vendors using proprietary standards for deployment and using their own enforcement agents in the cloud essentially lock customers in an architecture which inhibits them from embracing newer technologies.
One of the major reason enterprises have adopted Kubernetes (K8s) is to accelerate their ability to react to the dynamic business opportunities and push digital transformation forward. Another key reason for K8s adoption is the ability to achieve network segmentation policies for maintaining compliance and supporting zero-trust architectures in the hybrid and distributed networks with automation. However, if achieving that comes at the cost of adding a new management plane, getting locked-in to a single security vendor and opening the floodgates to deploying a significant, unplanned number of pods just to run your cloud security solution – this cloud security strategy falls (Read more...)
*** This is a Security Bloggers Network syndicated blog from Tufin - Cybersecurity & Agility with Network Security Policy Orchestration authored by Sattwik Gavli. Read the original post at: https://www.tufin.com/node/3300