Red Hat report reveals major security concerns with Kubernetes
Red Hat has released its annual State of Kubernetes Report, revealing significant security concerns among organisations worldwide. According to the report, nearly half (46%) of all organisations experienced revenue or customer loss last year due to container or Kubernetes security incidents.
The survey included 600 IT professionals globally, shedding light on the prevalent security challenges associated with Kubernetes adoption. The report found that almost all organisations (89%) had encountered at least one container or Kubernetes-related security incident in the past year. However, 42% of respondents disclosed that their companies do not invest sufficiently in container security.
IT leaders need to prioritise Kubernetes security, as the report indicates. Among the various security risks identified, vulnerabilities in the environment were a significant concern for 33% of IT specialists. Additionally, 27% were worried about misconfigurations, and 24% were concerned about external attacks.
Kubernetes and containers add new software layers, increasing complexity and introducing additional security risks to critical infrastructure. Robust security measures are essential to protect against vulnerabilities, unauthorised access, and data breaches. Specifically, professionals are concerned about coding errors (36%), exposed or unprotected sensitive data (34%), and poor network security (32%).
The report also highlights a disparity in security investment and responsibility within organisations. Security is often viewed as a shared responsibility, with only 34% of respondents stating that the security team holds primary responsibility for Kubernetes security. In contrast, operational teams such as Ops (18%), DevOps (17%), and DevSecOps (15%) share the majority of the responsibility in 50% of the cases.
Addressing these security concerns, Red Hat provides a range of recommendations for successful Kubernetes security. They suggest using security measures specifically designed for Kubernetes, extending security across all application lifecycle phases, and implementing tools that support DevSecOps practices.
The widespread adoption of Kubernetes necessitates stringent security measures from the outset to protect applications while maintaining efficiency and usability. As security incidents continue to impact revenue and customer retention, organisations must reassess their security strategies and investments to mitigate these risks effectively.
Based on data from a survey of 600 DevOps, engineering, and security professionals around the world, the 2024 edition of the State of Kubernetes security report examines some of the most common cloud-native security challenges and business impacts that organisations of all sizes experience.
The report provides organisations with 13 key findings based on the survey and actions they can take to increase the security of a business's cloud-native environment.