This edition of the State of Kubernetes Security Report examines how companies are adopting Kubernetes, containers, and cloud-native technologies while meeting the challenges of securing their vital Kubernetes applications. This report compiles the survey results from more than 500 DevOps, engineering, and security professionals and uncovers new findings about how companies that embrace containers and Kubernetes implement DevSecOps initiatives to protect their cloud-native environments. The survey was conducted by StackRox before its acquisition by Red Hat in early 2021.
Because security is the biggest area of concern with container adoption, and security issues continue to cause delays in deploying applications into production, we also look at the most common types of security incidents that companies experience in their Kubernetes environments.
The survey results highlight the importance of collaboration across Dev, Ops, and Security teams to implement security early in the development life cycle to realize the greatest benefit of Kubernetes—innovating fast. We are heartened to see so many organizations adopting DevSecOps—75% of organizations have initiatives in place that increase collaboration between DevOps and Security teams.
Nearly everyone—94% of respondents—admitted to experiencing a security incident in the last 12 months. In many cases, the cause was a misconfiguration. But a sizable portion also identified a major vulnerability, experienced a runtime incident, or failed an audit. These findings become more critical when respondents have deployed their Kubernetes workloads in production environments.
We encourage you to benchmark yourself against the findings in this report to determine how you can accelerate your efforts to apply security controls across containers and Kubernetes. Delaying security could mean delaying innovation and putting the business benefits of Kubernetes at risk. There are many security advantages you can use in containers and Kubernetes—from declarative configuration and immutable infrastructure to the isolation inherent in containerized applications. Organizations, however, need the knowledge, tooling, and processes to put those capabilities to work so they can benefit from the sizable advantages of running fast in a DevOps-driven, cloud-native world.