Kubernetes Security in 2023: Adoption Soars, Security Lags
The entire cloud native world revolved around Kubernetes, but it’s not even 10 years old yet. But, while its adoption rate has skyrocketed, concerns about securing containerized workloads persist. Red Hat‘s The State of Kubernetes Security for 2023 report delves into cloud native development security risks.
Based on a global survey of 600 DevOps, engineering, and security professionals, this report uncovers common security challenges in cloud native adoption and their business impact. More than just the usual report of what people are saying and thinking, the report also covers best practices and guidance for secure application development.
Findings
But the report’s key findings are worrying:
- 38% of respondents believe security investment in containerized operations is inadequate, a 7% increase from 2022.
- 67% of respondents have had to slow down cloud native adoption due to security concerns.
- More than half of the respondents have experienced a software supply chain issue related to cloud native and containerized development in the past 12 months.
This is not good. Adoption rates continue to grow, but security investments have not kept pace.
Recommendations
So, Red Hat recommends that organizations should invest in cloud native tools with built-in security to address this gap. IT teams need to focus on selecting and implementing security tools that provide feedback and guardrails in the CI/CD application pipeline and infrastructure pipeline. In other words, you should shift left with security whenever possible.
Specifically, cloud native security solutions should include a DevSecOps approach.
With 67% of respondents delaying or slowing down application deployment due to security concerns, these issues are seriously interfering with business.
Worse still, security incidents have led to employee terminations for 21% of respondents and fines for 25%. Revenue or customer loss was reported by 37% of respondents as a result of a container and Kubernetes security incident. You can’t afford these kinds of mistakes. They cost real money and can wreck your company’s reputation.
On the flip side, by prioritizing security early in a cloud native strategy, organizations can protect business assets, meet regulatory requirements, drive business continuity, maintain customer trust, and reduce the cost of remediating security issues.
Growing Concern
In addition, users are figuring out that software supply chain security is a growing concern. Sonatype reported a 742% average annual increase in software supply chain attacks over the past three years. The top three concerns for survey respondents were vulnerable application components (32%), insufficient access controls (30%), and a lack of software bill of materials (SBOM) or provenance (29%). How bad is it? More than half of the respondents have experienced virtually every issue identified in the survey.
However, many organizations are making strides to better secure their software supply chains by adopting a comprehensive DevSecOps approach. Nearly half of the respondents already have an advanced DevSecOps initiative, and 39% are in the early stages of adoption. By focusing on software component security early in the development lifecycle and automating security integration using DevSecOps practices, organizations can transition from inconsistent manual processes to consistent, repeatable, and automated operations.
Well, that’s the hope anyway. Clearly, these security issues must be addressed. If not, then cloud native-oriented companies are going to face serious business headwinds in the days to come.
