On average, open source tool users employ 3.6 different tools. Service mesh, network policy and micro-segmentation, and misconfiguration scanning were the main uses of these open source technologies.
Over half of respondents to a recent Armo poll on the deployment of security software with Kubernetes employ open source technology. Open source technologies were used for service mesh at a markedly higher rate (32%) than other alternatives (24%). The survey’s authors contend that this results from the availability of numerous well-supported open source service mesh projects. They specifically mention projects that have graduated from the Cloud Native Computing Foundation (CNCF), including Linkerd, Istio, and Open Service Mesh.
This conclusion was supported by a CNCF survey on service mesh technologies, which found that the two most commonly used solutions were Linkerd and Istio. These were followed by proprietary options such as AWS App Mesh and HashiCorp Consul.
Survey participants expressed discontent with proprietary software, describing it as opaque solutions over which they have little or no control. The next most cited obstacles were the difficulty of understanding pricing schemes and the prohibitive cost of proprietary software. Nevertheless, runtime security, secrets management, and vulnerability scanning relied mainly on proprietary software: for those three categories, more than half of the respondents have a commercial solution in place.
There was some agreement between respondents’ opinions of who ought to own these solutions and who actually controls the tooling in practice. DevSecOps teams received the highest rankings both as the team that currently owns the solutions (58%) and as the team that respondents thought should have this responsibility (63%). The authors of the report did note that they did not enquire further about how the firms had set up their DevSecOps teams.
According to the study, only 10% of respondents believe their developers and security teams are experts at managing the security of their Kubernetes environments, which is in line with Fricke’s concern.