Container adoption has grown appreciably over the last two years with serverless functions being used largely on a limited basis. However, those project teams that have had containers deployed in production for more than two years are more likely to be using serverless functions extensively, a leading indicator of the future composition of cloud-native applications.
In addition to increasing cost and complexity, the use of environment-specific cybersecurity controls contributes to an inability to implement centralized policies. Such policies will require a clear understanding of the threat models specific to cloud-native applications and infrastructure. Program maturation will come with experience as evidenced by the percent of organizations with containers in production for more than 2 years who reported that they have implemented a more robust set of automated policies.