Organizations Adopting Cloud-Native Apps Struggle with Security Issues Stemming from API Sprawl, Survey Shows

  • 86% of respondents say their organization is actively using or has started using cloud-native apps today
  • due to security and networking issues, only 10% run half or more business apps on Kubernetes and only 12% run a quarter or more based on microservices
  • 58% of respondents say the growing volume of APIs in modern cloud-native apps is causing them problems
  • respondents cited security as the top challenge resulting from this API sprawl


Amid the COVID-19 pandemic, organizations everywhere are adopting cloud-native apps and cloud-centric business processes. But, according to one recent survey, the shift to cloud-based operations is proving challenging, especially from a security standpoint.

In a poll of over 300 IT decision makers across the US, respondents indicated that cloud-native apps and Kubernetes deployments are particularly difficult to secure and connect, as the growing number of APIs and microservices they incorporate make them more distributed and harder to protect.

Nine in 10 organizations use cloud-native apps, the Volterra study shows. However, due to security and networking issues, only 10% run half or more business apps on Kubernetes and only 12% run a quarter or more based on microservices.

83% of respondents in the survey work at mid- sized companies that employ between 500-5,000 staff, while the remaining 17% work at enterprises with over 5,000 employees. Most respondents work in DevOps, infrastructure and operations (I&O) or as part of an application team.

According to the study, cloud-native app adoption has become mainstream, with 86% of respondents saying their organization is actively using or have started using cloud-native apps today. And, while half of organizations use Kubernetes in some capacity, security and networking challenges prevent them from using the container-orchestration system widely across business apps. Only one in 10 organizations run half or more of their business apps on it.

67% of respondents say DevOps is responsible for choosing networking and security solutions for their Kubernetes environments, and 63% say DevOps is responsible for managing those operations.

Security and connectivity challenges are also preventing organizations from using microservices for more of their business apps, respondents said. 57% said that less than 10% of all their business apps are based on microservices architecture, while 88% say that less than 25% of business apps are based on it.

“Cloud-native apps rely heavily on a microservices architecture and use far more APIs than traditional monolithic apps, including deeply embedded and hidden APIs,” said Mark Weiner, CMO, Volterra. “This increase in microservices and APIs makes modern apps far more complex to secure and connect. As a result, organizations are really struggling to get the agility and scalability they expected from their cloud-native environment and investment.”

In a study by the International Information System Security Certification Consortium (ISC)² designed to assess the size of the current cybersecurity workforce and the challenges and opportunities they face, cloud computing security emerged as the most in-demand skillset, with 40% of respondents indicating they plan to develop it over the next two years.

While some businesses are faring better than others in terms of cloud security, IT professionals everywhere say that cyber risk has increased substantially as organizations must facilitate remote access to mission-critical applications and data. To cope with the rise in security incidents associated with remote-work conditions, IT decision makers have started warming up to cloud security, according to CyberEdge research.