This semiannual edition of the State of Kubernetes Security report examines how companies are adopting Kubernetes, containers, and cloud-native technologies while meeting the challenges of providing security for their vital Kubernetes applications. This report compiles survey results from more than 500 DevOps, engineering, and security professionals.1 It uncovers new findings about how companies are implementing DevSecOps initiatives to protect their cloud-native environments.
- More than half of respondents have delayed deploying Kubernetes applications into production due to security.
- Almost all respondents experienced at least one security incident in their Kubernetes environments in the last year.
- Security is the top concern in container strategies, but DevSecOps is on the rise.
- Majority of respondents are running production workloads in Kubernetes.
- Hybrid cloud deployment strategies are the most common, and Red Hat OpenShift is the leader in hybrid cloud deployments.
55% of respondents have had to delay an application rollout because of security concerns
When security becomes an afterthought, agility is compromised. To prevent delays in application deployment and realize the benefits of containers and Kubernetes, organizations must build security into the development phase so they can address as many security challenges as possible during the build stage.
94% of respondents experienced at least one security incident in their Kubernetes environments in the last 12 months
Misconfiguration is the leading cause of security incidents by a wide margin. In general, human error is the most-often cited cause of data breaches and hacks.2 Kubernetes and containers, while powerful, increase this risk due to the significant configuration required.