ISG Provider Lens™ Cloud Native Services and Solutions - Cloud-native Security Platforms - U.S. 2022
Cloud-native technologies are reaching the maturity stage.
After several years of booming growth and attendant hype, cloud-native technologies finally seem to be coming of age. The number of cloud-native developers stood at 6.8 million in early 2021, according to The State of Cloud Native Development report published by SlashData, with 4.6 million developers using container tools and management platforms, and 4.0 million using cloud functions or serverless architecture. A more recent survey by the Cloud Native Computing Foundation (CNCF), of its own members, indicates that about 96 percent of those organizations are either using or evaluating Kubernetes, with approximately 93 percent currently using or planning to use containers in production. The growing maturity of cloud-native technologies is bringing both new opportunities and challenges.
Developers, and the IT community in general, now have a greater understanding around the benefits of adopting modern, container-based microservices architectures for IT organizations and business performance. Optimal scalability of IT resources to meet fluctuations in demand, rapid cycle times for new software development and improved integration with DevOps and CI/CD pipelines are but a few examples. But, as some of the hype around cloud native begins to fade, there is also a newfound maturity and a more sober assessment around the challenges that cloud-native technologies can bring. These challenges include the need for new skills and ways of working, surging volumes of observability data from ever more distributed systems, and new security threats and vulnerabilities from more open, distributed ways of working.
Enterprises are choosing to address these challenges in several ways: by configuring DIY solutions on their own infrastructure, using a mix of open-source and proprietary solutions; by working with managed service providers that can architect and operate containerbased services with elements such as observability, maintenance, governance, policy compliance and security; by opting for a commercial container management platform distribution with preconfigured capabilities; or by turning to one of the many cloud-native/container-based services offered by the major hyperscalers.
ISG has identified three broad themes shaping this more mature phase of cloud-native technology adoption, presented below.
First, we are seeing the rapid rise of multi-platform, multi-cloud approaches for cloud-native technology adoption and use. Providers we interviewed emphasized that enterprises are increasingly looking to harness the native capabilities and technical tooling of public clouds, across on-premises, multi-cloud, hybrid and edge environments. The reasons are many: a need to simplify DevOps across different environments, regulatory compliance restrictions that require segregated data in on-premises environments; a desire to avoid technical debt or lock-in; or simply a wish to choose among the best in the cloud-native ecosystem.
Second, cloud-native security has emerged as a top concern for many enterprises seeking to increase the adoption and use of container-based IT architecture. Protecting cloud-native systems raises new and profound challenges. Traditional network security is based on protecting perimeters — stopping unauthorized agents or software from getting in. By contrast, cloud-native architectures are based on the use of highly distributed, often ephemeral containers in a multideveloper, multi-platform environment. In addition, cloud-native applications draw on a much greater range of open-source and third-party software components and images. The large attack surface associated with container-based systems makes it necessary to have specialized cloud-native security solutions that can scan container images, assess misconfigurations and vulnerabilities, manage identity and access, and microsegment different parts of the Kubernetes clusters.
Third, open-source software and standards are becoming of prime importance, with enterprises starting to eschew solutions that are purely proprietary in nature. The cloud-native ecosystem is largely built on open-source foundations, with Google Cloud making the original upstream Kubernetes open source, in 2014, and the CNCF contributing large numbers of opensource projects across the cloud-native ecosystem. The difference now is that open-source standards and tooling are increasingly a sine qua non; enterprises expect that even a commercial observability or cloud-native security platform will integrate with some opensource solutions such as Prometheus, OpenTrace or Falco. Enterprises are looking for solutions that tame the complexity of open-source, but ultimately, they want open-standard best-of-breed solutions, not closed platforms.
Looking specifically at the market for cloud-native services and solutions in the U.S., ISG notes several trends, which are summarized below.
The available data suggests that adoption and use of containers and Kubernetes are high among the developer community in the U.S., but are showing some signs of plateauing. This finding is consistent with our view that cloud-native technologies are entering a more mature phase, focused on integration and optimization of these technologies. Sixty percent of backend developers in North America used containers in 2021 (slightly down from 62 percent the previous year); 33 percent used container orchestration (32 percent in 2020), according to SlashData’s The State of Cloud Native Development report. However, the use of serverless architecture appears to be increasing (36 percent in 2021 versus 30 percent in 2020), as is the use of overall cloudnative technologies (for example, service meshes, microservices and declarative APIs), rising from 47 percent to 50 percent of developers.
A more recent, separate report from the CNCF indicates that 55 percent of its members in North America now use Kubernetes in production, with 30 percent using it in the proof-of-concept stage, and 11 percent not using Kubernetes, but evaluating it. While more than half of the North American CNCF members are using Kubernetes in production, it is notable that this proportion is lower than Europe (69 percent) and South and Central America (62 percent).
Automation, machine learning and AI are increasingly becoming important to cloudnative technologies and applications within the U.S. market. Providers and enterprises are looking to intelligent automation platforms and products as a way to automate traditionally timeconsuming aspects of cloud-native operations and development. They are using them to reduce noise in increasingly large volumes of observability data and provide advanced detection and remediation capabilities in cloud-native security, incidence and alert management systems.
The range of use cases for containers and cloud-native technologies is expanding, beyond the traditional focus on software applications, to encompass infrastructureas- code (IaC) and use in machine learning applications. Another development is the growing use of containers with persistent data storage capabilities. Containers, by their nature, are often ephemeral, with their data usage transitory and short-lived. Persistent storage containers have tools or bridges to databases, making them more suitable for data-centric applications or in uses with stringent compliance requirements around data.
Finally, it is worth remembering that legacy applications and infrastructure remain important, even in an increasingly cloud-native environment. Amidst the cloud-native revolution, the majority of applications for many enterprises in the U.S. are still legacy, often residing in on-premises environments. Migrating these applications is often difficult, for technical, regulatory or cost reasons. For these reasons, providers need to maintain skills and offerings in legacy infrastructure and applications, and to offer graduated solutions that bridge the gap between the legacy and cloud-native worlds.
Access to the full report requires a subscription to ISG Research. Please contact us for subscription inquiries.