A quarter of companies use 5+ open source security tools, but can be hampered by integration challenges
TEL AVIV, Israel, Nov. 17, 2022 /PRNewswire/ — Open source tools are a key part of the Kubernetes security environment, with most companies using open source Kubernetes security software, research by ARMO has revealed. In a survey of The State of Kubernetes Open Source Security, 55% of respondents said they used at least some open source tools to keep their Kubernetes clusters safe; this includes those who use purely open source and those mix open source and proprietary solutions.
The research revealed it is very common to use more than one open source security offering. Almost a quarter of respondents use five or more different open source security tools for Kubernetes. Many open source tools only do one security-related task, forcing the use of multiple tools to get comprehensive coverage.
However, this mixed approach poses challenges, especially with integration. Users find open source security solutions are difficult to integrate with other DevOps tools (62%), to manage (51%) and to set up (45%). Digging deeper, 69% admit it’s difficult or very difficult to integrate open source security tools into their existing Kubernetes stack. These challenges may be exacerbated by the fact that open source tools, by their nature, often have limited documentation, support and guidance.
This fractured security environment can lead to other problems. 68% of practitioners cited “too many alerts” as one of their biggest challenges with Kubernetes security, alongside overly fragmented solutions (62%), complexity (51%) and the lack of comprehensive solutions (47%). The other major problem raised was that security interferes with agility and time-to-market (54%).
However, proprietary solutions have challenges too. 69% of respondents mentioned that proprietary security tools are “black boxes”, giving users little insight into how they work and how they are coded, and making them harder to modify to a company’s unique needs. Other challenges related to cost, with 62% noting the complex pricing models of paid Kubernetes security solutions and 47% citing the sheer expense.
The survey revealed significant consensus around responsibility for Kubernetes security, with 58% saying it was a DevSecOps responsibility and 63% saying it should be — this does suggest some misalignment in practice. However, this raises the question of what DevSecOps is, precisely, and where it sits in an organization, whether as a subdiscipline of DevOps or a Dev and Ops focused role inside security.
ARMO, the enterprise company behind open source Kubernetes security platform Kubescape, commissioned this research to better understand how companies are using open source tools to secure their Kubernetes clusters and CI/CD pipelines.
“Open source tools are free, flexible and transparent, but they still tend to be narrow, doing only one thing very well,” said Craig Box, VP Open Source at Armo. “This survey shows that even organizations who use expensive black-box proprietary solutions often choose to use some open source options too. Another approach some companies are taking is to cobble together full Kubernetes security coverage from multiple tools, but then they run into integration challenges and can find themselves buried in alerts.”
The survey was conducted by Global Survey in July–August 2022. Respondents were 200 Kubernetes users in companies that ranged in size from >100 to 5,000+ employees. All were software developers or stakeholders from cybersecurity teams, DevOps and DevSecOps. 57% of respondents were from North America, 29% in Europe, and 14% in APAC.
The full report is available on ARMO’s website.
ARMO, the creator of Kubescape, is on a mission to create the first Kubernetes end-to-end open-source security platform, built for devops, and trusted by security.
ARMO takes a broad and comprehensive approach to offering an open-source platform that assures DevOps, DevSecOps, and developers that every workload, cluster, container, and microservice is born and remains secure from development to production, and from configuration to run-time, every time.
Kubescape is a Kubernetes open-source platform providing a multi-cloud Kubernetes single pane of glass, including risk analysis, security compliance, misconfiguration scanning, RBAC visualizer and image vulnerabilities scanning.
View original content:https://www.prnewswire.com/news-releases/armo-survey-reveals-even-companies-that-pay-for-commercial-kubernetes-security-also-use-open-source-options-301681399.html
Facebook’s parent has fired or disciplined more than two dozen employees and contractors over the last year whom it accused of improperly taking over user accounts.
The hack drained the FTX exchange of more than $663m in a variety of crypto assets, including $288m worth of ethereum.
Former Google search chief Marissa Mayer has concerns about her former employer and the internet in general.
HELSINKI (Reuters) -Europe is currently too reliant on China for technologies and should be wary of this dependency, Finland's Prime Minister Sanna Marin said on Thursday. Marin said Europe had lessons to learn from its dependency on Russian energy that led to the ongoing energy crisis in Europe, as well as the lack of medical supplies seen during the COVID pandemic.
Facebook’s parent company, Meta Platforms doesn’t have a customer-service line where any user can speak with representatives. The company, which has said it is committing to building out more customer-service options, advises people to use their guided tools, Facebook.com/hacked and Instagram.com/hacked, which ask a series of questions and then recommend various actions to secure the account. Meta’s tools can help you get back into your account, but they don’t work for everyone—especially for people who no longer know their passwords and don’t have access to the email address that Facebook or Instagram are using to reset it.
Meta Platforms said on Thursday its WhatsApp messaging service will introduce a commercial directory and test a payments tool in Brazil, as it bets on business messaging as a potential fresh source of revenue. Brazil, one of the app's biggest markets, will be the first country to see the new tools deployed outside pilot programmes. "The ultimate goal here is to make it so you can find, message and buy from a business all in the same WhatsApp chat," Chief Executive Mark Zuckerberg said in a video shown at a WhatsApp summit in Sao Paolo.
Since the introduction of Bitcoin in January of 2009, cryptocurrency has been on the rise. Technology is the future and a major chunk of people living in this world have already realized that.
Meta Platforms, Inc (NASDAQ: META) lost two more senior executives in India, days after country head Ajit Mohan stepped down from his role to pursue another opportunity at rival social media platform Snap Inc (NYSE: SNAP), Bloomberg reported. Abhijit Bose, head of WhatsApp in India, and Rajiv Aggarwal, Meta's public policy director in the country, have resigned. The resignations come amid India's heightening regulatory challenges. Also Read: Twitter Guts Key India Workforce By 90% Post Musk Take
Ethereum cofounder Vitalik Buterin has sounded a warning against the pitfalls of decentralized finance (DeFi) and self-custody, namely of bugs in smart contract code.
How could anyone be bullish on cryptocurrencies right now, after FTX collapsed and crypto went into freefall last week? The answer comes down to what we may be using the blockchain for a decade from now, not the hype cycle that has driven a lot of trading since 2022. With this in mind, I'm bullish on cryptocurrencies that are attracting users and developers to build real, innovative products on the blockchain.
(Bloomberg) — Amazon.com Inc. employees who learned Tuesday that they were being fired from the devices team will receive severance packages if they can’t find other roles inside the company.Most Read from BloombergGOP Retakes US House by Slim Margin in Washington Power ShiftXi Looks Away From Putin Toward West in World Stage ReturnElizabeth Holmes Says US Is Wrong to Suggest She Marry Her Partner to Pay DebtsXi Confronts Trudeau Over Media Leaks in Heated Exchange Caught on CameraTennessee AG
The tokens are not yet available for sale.
By now, it's probably safe to say Shiba Inu (CRYPTO: SHIB) won't repeat last year's spectacular performance this year. The popular meme token is heading for a 72% decline. Shiba Inu soared a mind-boggling 45,000,000% in 2021.
The real reason why the FTX failure hits so hard is not because the crypto industry was duped, but because it proved that the industry was vulnerable to being duped.
REE Automotive Ltd (NASDAQ: REE) reported a third-quarter FY22 net loss of $(33.5) million versus a net loss of $(414.9) million the previous year. The decrease in GAAP net loss Y/Y is mainly attributed to lower share-based compensation expenses. The company's loss widened from $(25.2) million in 2Q22, driven by lower income from the remeasurement of warrants and increased operating expenses, including transaction costs. Non-GAAP EPS loss of $(0.09), beat the consensus of $(0.10). The non-GAAP o
We're seeing many tech and e-commerce companies in China among the best-performing stocks of the day.
Crypto exchange FTX filed for bankruptcy Friday, leaving users’ funds stuck on the platform.
Lowe’s Cos. Inc. saw its Pro sales category and online business continue to climb as it topped analysts' expectations for the third quarter.
Looking at the data, the McClellan Oscillators moved back into overbought territory, which may present some headwind for the near term. On the charts, all the major equity indexes closed higher Tuesday with positive internals on higher volume on the NYSE and Nasdaq. The session left all the charts in near-term bullish trends and above their 50-day moving averages.
The decision was only the latest in a wide-ranging battle between Intel and SoftBank-backed patent holding company VLSI.