Kubernetes adoption, security, and market trends report 2023

Executive summary

Our 2023 edition of the State of Kubernetes Security Report delves into the latest findings from our annual survey around cloud-native security, focusing on containerized workloads and Kubernetes. This report is based on a survey of 600 DevOps, engineering, and security professionals from across the globe spanning large enterprises and small-to-medium sized organizations. The report uncovers some of the most common security challenges organizations face on their cloud-native adoption journey, and their impact on the business.

Report highlights

  • Two-thirds of respondents reported delaying or slowing down deployment due to Kubernetes security concerns.
  • Organizations report numerous adverse impacts as a result of container and Kubernetes security and compliance incidents, including revenue loss and fines.
  • A majority of respondents have a DevSecOps initiative underway, though 17% say they operate security separate from DevOps.
  • Vulnerabilities and misconfigurations are top security concerns with container and Kubernetes environments.
  • Use of open source software is a big concern for software supply chain security.

67% of companies have delayed or slowed down deployment due to a security issue

Our survey found that 67% of respondents have had to delay or slow down application deployment due to security concerns. Some organizations are overwhelmed by security needs that stretch across all aspects of the application life cycle, from development through deployment and maintenance. Therefore, they need a simplified way to protect their containerized applications without slowing development or increasing operational complexity.

When security is prioritized early, organizations are making an investment in protecting their valuable business assets, such as sensitive data, intellectual property, and customer information. They are also able to better meet regulatory requirements, ensure business continuity, maintain customer trust, and reduce their long-term cost of remediating security issues later in the development life cycle or after they have been exploited.

Benchmark yourself against the findings in this report to determine how you can accelerate your efforts to apply security controls across containers and Kubernetes. 

Chart: 67% answered yes to the question, Have you ever delayed or slowed down application development into production due to container or Kubernetes security concerns?

37% of respondents identified revenue/customer loss as a result of a container and Kubernetes security incident.

Security issues can have severe impacts on business. 21% of respondents said that a security incident led to employee termination, and 25% said the organization was fined. Another potential negative impact of container and Kubernetes security incidents is slowing business growth. 37% of respondents identified revenue/customer loss as a result of a container and Kubernetes security incident. Security breaches could result in the delay of critical projects or product releases, as businesses must prioritize security efforts to address the vulnerabilities that were missed in the development stage. This delay could have a ripple effect on the business, resulting in lost revenue, customer dissatisfaction, or even loss of market share to competitors. Furthermore, a security incident could lead to customer loss, as customers may lose trust in the business's ability to protect their data and may seek out competitors with a stronger security track record.

Chart: In the past 12 months, have you experienced any of the following impacts to your business as a result of containers/Kubernetes security or compliance issues or incidents? (Select all that apply.) The top answers are project delays at 44%, negative impact to project success at 39%, revenue or customer loss at 37%, fines at 25%, and employee termination at 21%.

A majority of respondents have a DevSecOps initiative underway

The majority of organizations are embracing DevSecOps—a term that encompasses the processes and tooling that allow security to be built into the application development life cycle, rather than as a separate process. However, the 17% of organizations that operate security separately from DevOps, lacking any DevSecOps initiative, may be missing out on the benefits of integrating security into the SDLC, such as improved efficiency, speed, and quality of software delivery.

Chart: Do you have a DevSecOps initiative in your organization? (Select only one response.) 45% answered Yes, it’s in an advanced stage where we’re integrating and automating security throughout the life cycle. 39% answered Yes, it’s in an early stage, with DevOps and security collaborating on joint policies and workflows. 17% answered No, DevOps and Security remain separate, with minimal collaboration.

Vulnerabilities and misconfigurations are top security concerns with container and Kubernetes environments

More than 50% of respondents are worried about misconfigurations and vulnerabilities, owing to the fact that containers and Kubernetes are highly customizable. The dynamic environments in which containers operate, the shared host operating system kernel and other resources, and the large number of third-party components make it a challenge to maintain a consistent security posture. Taken together, this makes managing security configuration and detecting and mitigating vulnerabilities a particularly challenging task, and something that our survey respondents worry about the most.

Chart: Of the following risks, which one are you most worried about for your container and Kubernetes environments? (Select only one response.) Top answers are vulnerabilities at 30%, misconfigurations/exposures at 28%, attacks at 25%, and failing compliance (such as SOC2, PCI, and HIPAA) at 18%.

Use of open source software is a big concern for software supply chain security

Software supply chain security has been a hot topic, and supply chain attacks are increasing rapidly. The survey findings indicate that respondents are concerned about various aspects of the software supply chain, with the top concerns being software vulnerabilities and use of open source software. Concerns about software vulnerabilities are understandable, as software vulnerabilities can lead to serious security incidents, such as data breaches, malware infections, and unauthorized access. The use of open source software poses a security challenge to software supply chains, as open source software is widely used in modern software development, and it may also introduce security risks if it contains vulnerabilities or is not properly maintained.

Chart: What aspects of the software supply chain are you worried about most? (Select all that apply.) Top answers are software vulnerabilities at 35%, use of open source software at 32%, insider threat (accidental or malicious) at 28%, and untrusted content at 27%.

Read the full report for tips on achieving better security

When security becomes an afterthought, organizations put at risk the core benefit of faster application development and release by not ensuring that their cloud-native environments are built, deployed, and managed securely. Our findings show that what happens in the build and deploy stages has a significant impact on security, which was underscored by the prevalence of misconfigurations and vulnerabilities across organizations. Security, therefore, must shift left, imperceptibly embedding into DevOps workflows instead of being “bolted on” when the application is about to be deployed into production. 

Download the full survey results and key takeaways.