The Kubernetes Current Blog

Top Kubernetes Takeaways From the 2020 AWS Container Security Survey

Amazon Web Services (AWS) recently published the 2020 AWS Container Security Survey results. This survey is a follow-up to the 2019 AWS Container Security Survey. The differences between these two surveys highlight several interesting trends that we will discuss below.

Interestingly, the number of participants itself is an indicator of the upward trend in adoption for AWS and Kubernetes, as well as the need to secure both. In 2019, 68 IT, Security and DevOps professionals participated. In 2020, that number grew to 156 participants across a healthy mix of DevOps & SREs (52.3%), Architects (34%), and InfoSec (24.2%) professionals.

Following are our top takeaways from the 2020 AWS Container Security Survey.

Kubernetes is the De Facto Container Orchestration Engine

2020 saw the end of the container orchestration wars, with Kubernetes becoming the de facto container orchestration engine. More than 77% of the participants said that they are using Kubernetes in one form or another.

Image courtesy: AWS Blog – Results of the 2020 AWS Container Security Survey

Amazon EKS is the Container Orchestrator of Choice on AWS

Image courtesy: AWS Blog – Results of the 2020 AWS Container Security Survey

Amazon EKS on EC2 was the top choice, with more than 50% of the participants favoring it, followed by open source Kubernetes at 30.8%. For customers who want to deploy and manage Amazon EKS, an upstream Kubernetes distribution, or both, check out the Rafay Kubernetes Management Cloud. It’s the perfect choice to globally manage all the clusters through a single pane of glass with a broad set of container lifecycle management and security capabilities.

AWS Secrets Manager and HashiCorp Vault Are Top Choices for Managing Secrets

Image courtesy: AWS Blog – Results of the 2020 AWS Container Security Survey


AWS Secrets Manager and HashiCorp Vault are the top choices to manage secrets and protect sensitive data at rest and in motion, at 50.6% and 38.3% respectively. The flexibility of Rafay Kubernetes Management Cloud enables DevOps administrators to seamlessly integrate with the secrets manager of their choice, such as AWS Secrets Manager or HashiCorp Vault, or to use the default secrets manager prepackaged with Rafay KMC.

Pod Security Policies Are in Fashion, with OPA Gatekeeper on the Horizon

Image courtesy: AWS Blog – Results of the 2020 AWS Container Security Survey

Pod security policies (PSPs) were the most preferred way to manage Kubernetes policies, with 45.8% of the participants favoring them. However, about 15% of the participants indicated that they will move ahead to the Cloud Native Computing Foundation (CNCF) Open Policy Agent (OPA) subproject Gatekeeper. Given the pending deprecation of PSPs in Kubernetes, it would be prudent to move directly to the preferred choice of policy management for the future. Here is a great write-up on OPA and its integration with Kubernetes.

The Rafay KMC future-proofs your Kubernetes deployments by supporting PSPs as well as seamlessly integrating with OPA Gatekeeper. Both can be enforced through the cluster blueprint feature for policy management.

AWS Identity and Access Management (IAM) is the Top Choice to Manage Users

Image courtesy: AWS Blog – Results of the 2020 AWS Container Security Survey


Identity and access management (IAM) is critical in an environment like AWS, or any other public or hybrid cloud, to control and track access to resources, projects and data. Native AWS IAM was the most popular choice, with 80.8% of participants preferring it over Active Directory/LDAP and SSO at 20% and 29.2% respectively.

It is important to note that simply implementing IAM in an environment like AWS is not sufficient on its own. When you enable a user to access specific resources, you also end up providing access to the entire AWS VPC. Rafay KMC’s unique Zero-Trust Kubectl Access (ZTKA) not only secures the AWS VPC at all times but also provides granular, dynamic access control across a globally distributed deployment.

GitOps is Taking Over the World

Image courtesy: AWS Blog – Results of the 2020 AWS Container Security Survey


2020 was the first time the participants were asked about the adoption of GitOps. A whopping 64.5% of the participants are already using GitOps in their environments. Customers have clearly started to realize the benefits of microservices and containers in true CI/CD fashion, using declarative continuous deployment (CD) approaches such as GitOps.

With the latest Rafay KMC version 1.4, Rafay enables DevOps administrators to implement cloud-native GitOps continuous deployment (CD) pipelines directly through the Rafay management console. The Rafay KMC also seamlessly integrates with several continuous integration (CI) tools.

The Rafay KMC: GitOps Pipelines

AWS, Amazon EKS and Kubernetes

AWS is clearly the top cloud service provider, and Kubernetes has without a doubt emerged as the leading container orchestration and multi-cluster management strategy for modern applications. As clusters grow into fleets across multiple environments and regions, it becomes prudent to leverage a cloud provider for Kubernetes management as well. This enables you to take advantage of everything the cloud has to offer: being up and running in minutes, unlimited scalability, embedded security, and seamless integrations with other services such as identity management, storage, secrets management, data encryption, and much more. It is important to recognize that, beyond the statistics above, there is more to containers and Kubernetes. DevOps teams also need to think about how to best manage a global fleet of Kubernetes clusters at scale, with multi-tenancy, access control, backup and restore, and Kubernetes lifecycle management.

To learn more about integrating with, running, securing and managing Amazon EKS and Amazon EKS Distro with Rafay Kubernetes Management Cloud, check out these resources:

  1. What is Amazon EKS Distro (EKS D)?
  2. How to Provision and Manage Amazon EKS Distro (EKS-D) Using Rafay
  3. White Paper: Simplifying Amazon EKS Deployments & Operations
  4. Webinar: Meet the Easy Button for AWS EKS Multi-Cluster Management
  5. Zero-Trust Kubectl Access: The Easiest & Most Secure Option For Managing Kubernetes Clusters
  6. Rafay Systems Achieves Advanced Technology Partner Status in the AWS Partner Network
