Kubernetes is the de facto standard when it comes to container orchestration and management at scale, but adoption is only one piece of Kubernetes strategy. Security plays a huge role in how organizations use cloud-native technologies, and is typically much trickier to address than simply spinning up and running containers. Red Hat’s The State of Kubernetes Security for 2022 examines the security challenges organizations face when it comes to cloud-native development and how they address these challenges to protect their applications and IT environments.
The report is based on surveys of more than 300 DevOps, engineering and security professionals, highlighting how companies are adopting containers and Kubernetes while still balancing the security of these environments. While the full report is available here, read on to see some of the key findings from this year’s data.
Security concerns linger - and are causing delays
Similar to previous years, security remains one of the biggest concerns around container adoption. New technologies can create unforeseen security challenges when integrated with traditional IT environments, and containers present particular complexities given that their security needs stretch across all aspects of the application lifecycle, from development through deployment and maintenance. The report found that concerns around security threats to containers and a lack of investment in container security are the number-one concern with container strategies for 31% of respondents.
Backing these concerns are the 93% of respondents who experienced at least one security incident in their Kubernetes environments in the last 12 months, with the incident sometimes leading to revenue or customer loss. More than half of respondents (55%) also have had to delay an application rollout because of security concerns over the past year.
Despite extensive media attention over cyberattacks, the report highlights that it’s actually misconfigurations that keep IT professionals up at night. Kubernetes is highly customizable, with various configuration options that can affect an application’s security posture. Consequently, respondents worry the most about exposures due to misconfigurations in their container and Kubernetes environments (46%) – nearly three times the level of concern over attacks (16%). Automating configuration management as much as possible helps to alleviate these issues, so that security tools - rather than humans - provide the guardrails that help developers and DevOps teams configure containers and Kubernetes more securely.
DevSecOps has become the standard
Less than two years ago, our Fall 2020 report found that 40% of respondents were starting to have DevOps and Security teams collaborate on joint policies and workflows. Over the past two years that number has increased considerably, with DevSecOps now quickly becoming the standard for surveyed organizations. A vast majority of this year’s respondents (78%) stated they have a DevSecOps initiative in either beginning or advanced stages. And 27% of respondents count themselves among the most forward-looking organizations when it comes to DevSecOps, with an advanced DevSecOps initiative, where they are integrating and automating security throughout application lifecycles.
Collaboration across Dev, Ops, and Security teams to implement security early in the development lifecycle helps realize the greatest benefit of Kubernetes—innovating fast. In the past, the role of security was isolated to a specific team in the final stage of development. That wasn’t as problematic when development cycles lasted months or even years. With today’s rapid release cycles, security must shift left and be embedded into DevOps workflows instead of “bolted on” when the application is about to be deployed into production.
The good news is, this seems to be resonating with respondents. Besides the high number who are implementing DevSecOps, only 22% of respondents reported that they continue to operate DevOps separately from Security. And only 16% of respondents identify the central IT security team as holding responsibility for Kubernetes security.
Achieving better security through DevSecOps
Security has long been viewed as a business inhibitor, especially by developers and DevOps teams whose primary goal is to deliver code fast. With containers and Kubernetes, security should become a business accelerator by helping developers build stronger security controls into their applications right from the start.
Despite potential security concerns, the benefits of container and Kubernetes adoption continue to outweigh the drawbacks. The key is to look for a container and Kubernetes security platform that incorporates DevOps best practices and internal controls as part of its configuration checks. It should also assess the configuration of Kubernetes itself for its security posture, so developers can focus on feature delivery.
To see more of the findings and read four tips for achieving better security, see the full report, which can be found here.
About the author
Ajmal Kohgadai is Principal Product Marketing Manager for Red Hat Advanced Cluster Security for Kubernetes. Prior to its acquisition by Red Hat, he was the Director of Product Marketing and Growth at StackRox, a leading Kubernetes security company.