Date: 2023-11-06

A new study on the current state of cloud-native security found that a considerable number of cloud adopters do not understand the security risks of moving legacy applications to the cloud, opening themselves to a number of cloud-based attacks.

The study, conducted by cybersecurity firm Venafi, surveyed 800 security and IT leaders in organizations spanning four countries — the US, the UK, Germany, and France. The study was performed to examine the top threats and challenges currently facing cloud-native security.

“Application development teams are moving faster and faster to keep their businesses in the lead, turning to strategies like containerization and micro-services, which have made rapid-fire application enhancements a reality,” said the Venafi report. “In many cases, cloud-native security is lagging behind, and there is little clarity on who should own the security function within engineering, platform, and development teams.”

The report noted that this lack of clarity is a huge problem when it comes to securing machine identities — the authenticators that secure communications and connections within a cluster of containers — as they serve as the foundation of cloud-native security.

“Despite their relative importance, the application of machine identities in cloud-native implementations — such as service meshes, software supply chain security, and code signing of development artifacts — is often misunderstood,” the report added.

Rushed cloud adoption has cost and security implications

The respondents in the study revealed they are rapidly shifting to the cloud to do away with lengthy application development and release cycles, as they can’t afford to wait around for critical new features.
Eighty-seven percent of the respondents said they have moved their legacy applications to the cloud.

However, there is a major gap in understanding the security implications of this transition, with more than half (59%) of the respondents saying they did not understand the security risks that accompanied shifting legacy applications to the cloud. Another 53% admitted to having just lifted and shifted to the cloud with most of the application code remaining the same.

Another drawback of blindly moving things to the cloud was found to be the cost associated with the move. “Fifty-two percent have suffered from cloud sprawl and bill shock since moving legacy applications to the cloud,” said the report. “Seventy-seven percent of those impacted by cloud sprawl and bill shock have reconsidered moving applications to the cloud.”

Another key trend was that the race to the cloud has made containerization a popular choice among developers, with 84% of survey respondents believing that Kubernetes will soon be the main platform used to develop all applications. As the use of Kubernetes increases and matures, the complexity of cloud-native strategies is becoming more apparent.

Kubernetes brings more challenges

Respondents acknowledged a degree of uncertainty when it came to Kubernetes adoption, with 75% of respondents believing the speed and complexity of Kubernetes and containers create new security blind spots.

Other key issues with moving to containerization included challenges applying patches (43%), vulnerabilities caused by misconfigurations (41%), outages due to poorly managed certificates (32%), and failed security audits (22%).

Fifty-nine percent of the respondents said they experienced security issues within Kubernetes or container environments.
The leading causes for these issues included network breaches (42%), API vulnerabilities (41%), and certificate misconfiguration (39%).

Certificate misconfiguration — a machine identity challenge — proved to be a more significant concern in the US at 45%. Moreover, 68% of respondents said developers sometimes don’t use certificates because issuance adds friction to developer processes.

Despite the challenges accompanying machine identities, 88% of respondents said they believe the concept of machine identity is essential to the success of zero-trust models. However, ownership of machine identity management remains unclear, with 74% worrying that developers are challenged with several conflicting priorities, so security is not always top of mind.