Not too long ago, we attended KubeCon EU 2022. This was especially exciting because it was the first big-industry event that we attended being a startup born in a COVID world. Having a booth on the showroom floor, being able to connect with folks from all types of backgrounds, and sharing with them what we’re building was a great learning experience.
The timing of this event couldn’t have been any more perfect. Prior to the event, we launched our new end-to-end Kubernetes security platform. We understand that current Kubernetes security approaches are insufficient and do not give people the full visibility they need. It was great giving people a hands-on look of what Mondoo brings to Kubernetes security.
Security, security, security
Based on our conversations, it seems like 2022 is the year of Kubernetes security. This reality was made apparent from the topics discussed during keynotes, what was covered in the breakout sessions, and the huge presence of security vendors on the showroom floor.
As a security vendor ourselves, this was a welcomed sign. The conversations we were able to have with people gave us tremendous insights. We learned about the security platforms people are using, what they feel is missing, or if they even have a security solution in place at all.
Hearing what people have to say
This realization came with some questions, though. We all know the running joke about how confusing Kubernetes is, but the same can be said about Kubernetes security specifically. Many people have no idea where to start. They know they had a problem, but don’t know how to tackle it. Regardless of the confusion, there was one thing that was obvious, they all recognize they have to start now.
For some, they may have some basic security in place but know it’s time to upgrade to something more comprehensive. This drive to upgrade also comes with a desire to shift that security insight into development, and finding a platform that allows them to do that.
An interesting take away from our talks is that we saw a shift in who is concerned about security for Kubernetes specifically. One point that we stressed is that security is not just a Security team’s problem anymore, it’s everybody’s responsibility. You have the Operations team leading the charge with this, but you also have Developers showing their concern as well. Red Hat spoke about this new trend in their 2022 State of Kubernetes Security Report.
Making security everybody's priority
There was a wide range of job titles, industries, and company types and sizes represented at KubeCon EU 2022. One thing that was clear, and even a little shocking, was that although there was a big security presence in terms of vendors and topics, there weren't many security professionals that we talked to.
However, there was a big developer turnout, which fits into the exact story we are trying to tell. Some of the developers we spoke to were new to the idea of security being their problem. In their minds, they build it and after it’s done, they’re done. Our conversations with developers focused on showing them the importance of building with security in mind so that they aren’t stifled by the Security team when it’s time to release to production.
On the other hand, the Operations pros we spoke to understood the importance of integrating security into the build. They understood that doing so saves the time, heartache, and frustration of trying to catch issues in production.
For many of us, this was the first time we got to see each other in person. Putting a body to a face was a welcomed experience that I’m sure many can relate to in the COVID-era. We have a few more conferences we’ll be attending this year so if you didn’t catch us at KubeCon EU, don’t worry. The next event we’ll be attending is SCaLE 19x in Los Angeles, CA. We look forward to seeing you there!