A survey of 1,200 IT professionals who have deployed the open source Calico networking software, published today, finds that the need to scale services and the need to enforce cybersecurity policies are the top two reasons for adopting that platform at 35% each, followed closely by interoperability (33%) and encryption (30%).
The survey, conducted by Tigera, a provider of a networking and security platform based on Calico, found a full 85% identified a need to achieve network segmentation and protect east-west traffic.
Consequently, Calico is most commonly used to apply policies to limit pod-to-pod communication (61%), enforce secure egress access policies (41%) and implement microsegmentation policies (24%).
Overall, the survey found 59% of respondents used multiple clusters, with 50% having clusters deployed in a hybrid cloud environment. Well over half (56%) have an average cluster size of between 10 and 100 nodes, with Amazon Elastic Kubernetes Service (EKS) being the most-used platform to host clusters.
Nearly half of the survey respondents reported using Linux iptables (49%) and/or Windows HNS (46%), with 16% having adopted the extended Berkeley Packet Filter (eBPF). Another 20% are planning to use eBPF.
Tigera reported that Calico is already being used across one million clusters spanning more than eight million nodes at organizations that include AT&T, Discover, Merck, NBCUniversal, HanseMerkur, Allstate, Box, Siemens Healthineers, Playtech, Royal Bank of Canada and Bell Canada.
Utpal Bhatt, chief marketing officer for Tigera, said that level of adoption suggests organizations recognize the critical role policies play in defining a zero-trust architecture to better secure cloud-native application environments.
Less clear is whether those efforts are being driven by a DevOps team or by networking and security professionals who have become more aware of Kubernetes clusters running in production environments. Regardless of who within an IT organization assumes responsibility for security and networking, it seems more resources are allocated to these functions as more organizations try to manage Kubernetes clusters at scale.
Each IT organization will need to decide for itself how best to organize the teams needed to manage Kubernetes at scale, but there are few IT professionals who have expertise in cluster management, networking and security. The need to create a team of IT professionals who can address those issues over potentially hundreds of Kubernetes clusters will require more talent.
Of course, there will soon come a day when artificial intelligence (AI) will help reduce that inherent level of complexity, but there is going to be a need for IT professionals to, at the very least, supervise cloud-native application environments.
In the meantime, however, IT teams should assume that as more of those applications are deployed in production environments, there will be more cyberattacks launched against them. Not every cybercriminal may know how to exploit cloud-native application environments just yet, but soon, attackers will recognize them as high-value targets.