93% of Kubernetes users struggle with security


State of Kubernetes Security report indicates security is a roadblock for organisations adopting Kubernetes, containers, and cloud-native ecosystems, though devsecops adoption is on the rise.


Security is a significant concern for Kubernetes and container-based development, according to Red Hat’s State of Kubernetes Security report for 2022.

In fact, 93 per cent of survey respondents experienced at least one security incident in their Kubernetes and container environments in the past 12 months, sometimes leading to the loss of customers or revenue. This was likely the result of a variety of factors, including a lack of security knowledge about containers and Kubernetes, inadequate tools, and central security teams unable to keep up with application development teams. 

Red Hat also notes that Kubernetes and containers were designed for developer productivity, not necessarily security.

Published last month, the report analysed trends in Kubernetes, container, and cloud-native security. It was based on a survey of more than 300 devops, engineering, and security professionals. Red Hat published the following key findings:

  • 55 per cent of respondents delayed or slowed down application deployment due to security concerns
  • 53 per cent detected a misconfiguration in Kubernetes in the past 12 months
  • 57 per cent worry the most about securing workloads at runtime
  • 78 per cent have a devsecops initiative either in beginning or advanced stages
  • 43 per cent consider devops as the role most responsible for Kubernetes security
  • 38 per cent have had a major vulnerability to remediate pertaining to containers and/or Kubernetes in the previous 12 months

Organisations adopting containers, Kubernetes, and cloud-native ecosystems risk the security of their critical applications if they do not invest in security strategies and tools, Red Hat said. But devsecops — which builds security processes and tools into the devops pipeline — is seeing mass adoption.

Kubernetes is a highly customisable container orchestrator with various configuration options affecting application security, according to the report. Security tools should provide the guard rails to configure Kubernetes more securely. 

Runtime, in particular, represents the container lifecycle phase organisations worry about the most. But runtime security issues typically are caused by lapses such as a misconfiguration at the build or deploy stage.

Red Hat made the following recommendations to achieve better security:

  • Use Kubernetes-native security architectures and controls
  • Security should start early and extend across the full lifecycle
  • Portability should be required across hybrid environments
  • Developers should be transformed into security users by bridging devops and security
