Tigera, a key player in the container and Kubernetes security landscape, has unveiled its latest insights through the 2023 State of Calico Open Source: Usage & Adoption Report. The comprehensive survey involved over 1,200 global users of the Calico Open Source platform, aiming to shed light on the evolving needs of IT professionals in terms of container networking and security.
Diverse organizations spanning technology, healthcare, government, insurance, and financial services participated in the survey, revealing the pivotal capabilities that are driving the widespread adoption of Calico:
Scalable networking (35%)
Security policies (35%)
Interoperability across different environments (33%)
Encryption capabilities (30%)
A critical issue addressed in the report is the challenge of network visibility within Kubernetes clusters and workloads. The lack of this visibility often leads to misconfigurations, creating openings for threats like ransomware attacks, data exposure, DoS attacks, and unauthorized lateral movement. Red Hat's recent State of Kubernetes Security Report underscored that nearly half of respondents encountered these issues in the past year, emphasizing the need for workload-level visibility to counteract these vulnerabilities.
Tigera's report highlighted that the most popular security policies among Calico users are those which restrict pod-to-pod communication, followed by policies that ensure secure egress access:
Workload access policies that limit pod-to-pod communication (61%)
Secure egress access policies (41%)
Microsegmentation policies (24%)
Compliance (8%)
A staggering 85% of respondents expressed the necessity of network segmentation and safeguarding east-west traffic. Enhanced security controls at the workload level were identified as vital for preventing lateral movement of threats and supporting compliance efforts. Egress access controls were noted as a crucial feature for adopting a default-deny stance to mitigate data exfiltration risks.
Calico's role in providing container networking and security capabilities was acknowledged as a significant asset for enterprises globally.
The report also delved into trends in cluster deployments, uncovering that most Calico clusters are being deployed across various cloud environments:
59% of Calico users employ multiple clusters
50% have clusters deployed in hybrid cloud settings
56% of users maintain clusters with an average size of 10–100 nodes
Amazon Elastic Kubernetes Service (EKS) emerged as the top Kubernetes platform or service among Calico users
An important takeaway was the preference for offering users a range of choices when it comes to data planes. Respondents indicated that there isn't a one-size-fits-all solution; instead, they employ a mix of data planes including eBPF, standard Linux, and Windows.
Almost half of the respondents use Linux IPtables (49%) and/or Windows HNS (46%)
16% utilize Calico's newer eBPF data plane, and 20% plan to use it in the future
Tigera's Calico supports a versatile selection of data planes, allowing users to tailor their approach to their unique needs. The Calico project is driven by an active community of developers and users, with the Calico Open Source solution emerging as a prominent networking and security solution for containers, VMs, and native host-based workloads. Supporting various platforms including Kubernetes, OpenShift, Docker EE, and more, Calico's significance is evident in its adoption across a vast array of clusters and nodes, underpinning its reputation as a leading technology in the field.
###