Our 2023 edition of the State of Kubernetes Security Report delves into the latest findings from our annual survey around cloud-native security, focusing on containerized workloads and Kubernetes. This report is based on a survey of 600 DevOps, engineering, and security professionals from across the globe spanning large enterprises and small-to-medium sized organizations. The report uncovers some of the most common security challenges organizations face on their cloud-native adoption journey, and their impact on the business.
- Two-thirds of respondents reported delaying or slowing down deployment due to Kubernetes security concerns.
- Organizations report numerous adverse impacts as a result of container and Kubernetes security and compliance incidents, including revenue loss and fines.
- A majority of respondents have a DevSecOps initiative underway, though 17% say they operate security separate from DevOps.
- Vulnerabilities and misconfigurations are top security concerns with container and Kubernetes environments.
- Use of open source software is a big concern for software supply chain security.
67% of companies have delayed or slowed down deployment due to a security issue
Our survey found that 67% of respondents have had to delay or slow down application deployment due to security concerns. Some organizations are overwhelmed by security needs that stretch across all aspects of the application life cycle, from development through deployment and maintenance. Therefore, they need a simplified way to protect their containerized applications without slowing development or increasing operational complexity.
When security is prioritized early, organizations are making an investment in protecting their valuable business assets, such as sensitive data, intellectual property, and customer information. They are also better able to meet regulatory requirements, ensure business continuity, maintain customer trust, and reduce the long-term cost of remediating security issues late in the development life cycle or after a vulnerability has been exploited.
Benchmark yourself against the findings in this report to determine how you can accelerate your efforts to apply security controls across containers and Kubernetes.
37% of respondents identified revenue/customer loss as a result of a container and Kubernetes security incident.
Security issues can have severe impacts on business. 21% of respondents said that a security incident led to employee termination, and 25% said the organization was fined. Another potential negative impact of container and Kubernetes security incidents is slowing business growth. 37% of respondents identified revenue/customer loss as a result of a container and Kubernetes security incident. Security breaches could result in the delay of critical projects or product releases, as businesses must prioritize security efforts to address the vulnerabilities that were missed in the development stage. This delay could have a ripple effect on the business, resulting in lost revenue, customer dissatisfaction, or even loss of market share to competitors. Furthermore, a security incident could lead to customer loss, as customers may lose trust in the business's ability to protect their data and may seek out competitors with a stronger security track record.
A majority of respondents have a DevSecOps initiative underway
The majority of organizations are embracing DevSecOps—a term that encompasses the processes and tooling that allow security to be built into the application development life cycle, rather than run as a separate process. However, 17% of organizations still operate security separately from DevOps, with no DevSecOps initiative in place; these organizations may be missing out on the benefits of integrating security into the SDLC, such as improved efficiency, speed, and quality of software delivery.
Vulnerabilities and misconfigurations are top security concerns with container and Kubernetes environments
More than 50% of respondents are worried about misconfigurations and vulnerabilities, owing to the fact that containers and Kubernetes are highly customizable. The dynamic environments in which containers operate, the host operating system kernel and other resources shared between containers, and the large number of third-party components make it a challenge to maintain a consistent security posture. Taken together, this makes managing security configuration and detecting and mitigating vulnerabilities a particularly challenging task, and the concern our survey respondents cite most often.
Use of open source software is a big concern for software supply chain security
Software supply chain security has been a hot topic, and supply chain attacks are increasing rapidly. The survey findings indicate that respondents are concerned about various aspects of the software supply chain, with the top concerns being software vulnerabilities and use of open source software. Concerns about software vulnerabilities are understandable, as software vulnerabilities can lead to serious security incidents, such as data breaches, malware infections, and unauthorized access. The use of open source software poses a security challenge to software supply chains, as open source software is widely used in modern software development, and it may also introduce security risks if it contains vulnerabilities or is not properly maintained.
Read the full report for tips on achieving better security
When security becomes an afterthought, organizations put at risk the core benefit of faster application development and release by not ensuring that their cloud-native environments are built, deployed, and managed securely. Our findings show that what happens in the build and deploy stages has a significant impact on security, which was underscored by the prevalence of misconfigurations and vulnerabilities across organizations. Security, therefore, must shift left, embedding seamlessly into DevOps workflows instead of being “bolted on” when the application is about to be deployed into production.