In our last article on the GovDevSecOpsHub, we discussed the basics of Kubernetes deployments and how the widespread embrace of Kubernetes has created a new challenge that industry experts call, “cluster sprawl.”
Governmental agencies have begun to shed the stigma of being known as slow progress entities. Constituents demand services at the speed of innovation. The public now expects the public sector to match Amazon, Apple, and Google in efficiency and experience. And, to their credit, leadership within the government’s largest agencies and organizations are setting those same expectations.
This has resulted in the adoption of new technologies across the government. With agencies handling sensitive public data, and with the public needing services on-the-ready, DevSecOps, containerization, and methodologies like Kubernetes have been widely adopted.
However, the speed and flexibility afforded by Kubernetes and other similar platforms aren’t without drawbacks. Let’s look at the costs of cluster sprawl on our agencies and organizations in light of ongoing issues like resourcing, workloads, stress, and of course the impact of the ever-present and unexpected COVID-19 pandemic of this last year.
Hidden Risks Lurk in the Data
On the surface, it would be easy to assume that these strides forward are exactly as they seem – a slam dunk. The embrace of platforms like Kubernetes has resulted in more open-source development, more capacity to produce, and greater assurance that developers can create isolated services with greater security. However, cluster sprawl, with Kubernetes clusters too innumerable to count, is frequently leaving our teams haggard, our cluster farms difficult to manage, and security tricky to ensure.
A recent D2iQ study looks at cluster sprawl and its impact on development teams, and it lays bare an uncomfortable reality – Kubernetes introduces greater complexity to our environments. And that complexity has ramifications on developers, with 78 percent of developers claiming that this complexity is a source of pain in their daily work.
The speed at which Kubernetes enables development and deployment taxes the developers in palpable ways. While developers are often excited about their work with Kubernetes, 38 percent indicate that it also causes them to face issues of burn-out – cluster sprawl is a key contributor, among other significant and ongoing issues. Frustration and stress are also commonly experienced sentiments.
There is already a widely known struggle to find enough talent in the workforce to meet the needs of digital transformation in our agencies. Creative strategies for filling the vacancies needed to match the pace of innovation are popping up in discussions across the web. 98 percent of organizations are implementing training initiatives, as opposed to recruiting new Kubernetes talent. There is a staffing shortage that needs to be addressed. In this environment, government agencies simply can’t afford to burn out their developers and risk losing them to other organizations
“…cluster sprawl can make government organizations even less secure. With so many clusters being created independently, and without adequate governance and management, our agencies could fall vulnerable to efficiency issues as tracking resource usage becomes difficult.”
With that shortfall as an inherent reality in our development and deployment teams, and with the increased demand and increased capacity for innovation possible with Kubernetes and cloud-native applications, our talented personnel are feeling the pressure. 38 percent of key developers and architects feel extremely burned out, and 51 percent want to find alternative employment. Losing staff in an already tightly resourced landscape could introduce greater risk and is certainly a rumble strip on the innovation highway, if not a full-on speed trap.
The COVID-19 global pandemic has caused many organizations to cut development budgets and freeze hiring, while also choosing this lull in other activities to launch headlong into digital transformation initiatives. Improving organizational agility is a key goal. Crisis creates opportunity. But opportunity can often exacerbate the crisis.
Cluster sprawl is already commonplace. A taxed workforce is a reality, according to the D2iQ study. The total shake-up of society, especially in the workplace, has increased the stress load. Our employees are managing homes, families, and their jobs all from the same locations. Add in shrinking budgets, increased expectations, and a shortage of help, the impact of cluster sprawl could really take its toll across our organizations.
Agencies must find ways to manage the stress load of our teams by ensuring we aren’t over-taxing our talent. We can also ensure that our cluster farms are managed by ubiquitous governance policy and practices that decrease the inefficiencies that serve as the handbrake for progress by setting universal policy and standards for security for the clusters across the landscape of our application services. And we can be certain that our digital transformation efforts are delivering the benefits of innovation.
More sprawl means less security
The impact on staff resources is just one of the many negative impacts of cluster sprawl on government organizations. Government agencies face an incredibly large, complex, and sophisticated cyber threat landscape. This is especially true for state governments, local governments, and education institutions.
According to James Yeager, the Vice President of Public Sector at CrowdStrike, “There are so many state and local governments. They outnumber the federal agencies four to one. That makes it a numbers game for the adversary. They’re low-hanging fruit and there are a lot of them. So, they’ll utilize ransomware attacks on the smaller cities, smaller towns, local law enforcement, K-12 education. In these organizations, you may not have a CISO – or the CISO is also the helpdesk guy. So, the targets are plentiful and they’re easy to attack.”
This hostile and sophisticated threat landscape has only become more effective and energized as government data and information has moved online. “I think government agencies – like any large enterprise – are more vulnerable because they are increasingly storing their information on networked drives and platforms,” explained Shawn Henry, former Executive Assistant Director of the FBI. “…there are simply more types of valuable data stored in cyberspace, making it a more fertile ground for attackers.”
Unfortunately, cluster sprawl can make government organizations even less secure. With so many clusters being created independently, and without adequate governance and management, our agencies could fall vulnerable to efficiency issues as tracking resource usage becomes difficult.
Ensuring that each and every cluster has appropriate and adequate security can be less-than-clear in a poorly managed cluster sprawl. With government agencies constantly warding off cyber-attacks from state-sponsored operators and e-crime’s recent rise, this is an urgent security situation for our agencies to overcome.
In our next and last post in this series, we’ll lay out four key considerations in combating Kubernetes cluster sprawl within our agencies.
