Armo on the state of Kubernetes open source security

Too much tool trouble

Lots of tools means lots of problems, though, especially when it comes to integration, suggests the company.

The report says that users find open source security solutions tough to integrate with other DevOps tools (62%), manage (51%) and set up (45%). Overall, 69% struggle to integrate open source security tools into their stacks. The company thinks that [as a generalised statement suggestion] open source tools tend to be poorly documented and supported, meaning users have to do the work themselves.

When it comes to proprietary security solutions, survey respondents cited, perhaps unsurprisingly, financial aspects.

As many as 62% complained about the complex pricing models the security vendors use and 47% felt expense was a problem overall. On the technical side, 69% noted that proprietary security tools are “black boxes” that are tough to understand and modify.

Asked if Kubernetes security was its own discipline, only 3% of respondents thought it was; 97% disagreed and felt it was just a subdiscipline of broader cloud security.

Armo makes the open source Kubernetes security platform Kubescape.

Craig Box, VP open source at Armo, explained why he thought companies were using both open source and proprietary security tools together.

“Kubernetes and its community are rooted in open source, so naturally companies look to open source first when they need something like security,” said Box. “The move to a proprietary platform is typically triggered by a need for enterprise-level support or broader coverage. There are also areas where companies stick with their open source tools because the proprietary solutions are no better, especially for service meshes, CVE scanners and policy agents.”

This second point appears to be borne out by the report, which found that service meshes in particular were the most commonly used open source security tools for Kubernetes. The full report is available on Armo’s website.