Red Hat’s The State of Kubernetes Security for 2024 clearly shows that as Kubernetes becomes more popular, security tools and planning become more important. The new edition of this annual study takes stock of the main challenges facing companies in the field of cloud native security and the impact on their business, in order to help better understand their practices and priorities.
This report is based on the results of a worldwide survey conducted by Red Hat among 600 DevOps, engineering and cybersecurity professionals operating in companies of all sizes, from SMB to large enterprise . It provides important information on the following points:
• the specific security risks businesses face, as well as the steps they take to mitigate them;
• the different types of security incidents that companies encounter in Kubernetes environments, as well as their frequency;
• the distribution of responsibilities for the security of Kubernetes environments at different levels of the company;
• advice to reduce risks throughout the application lifecycle.
Here are the key takeaways from the survey, along with three tips for strengthening the security of cloud-native environments.
Security incidents can occur at any stage of the application lifecycle, and there are several issues that can cause them. Despite the popularity of Kubernetes, many companies continue to be cautious in their approach. For 42% of respondents, security is a top concern of their container and Kubernetes strategy. These respondents emphasize in particular the difficulties likely to appear in the form of a security incident, a vulnerability or a configuration error at different stages of the application life cycle.
Current container strategies pose security challenges — 42% of respondents believe their organizations are not adequately equipped to address container security and threats, particularly due to the increasing complexity of next-generation IT environments.
Security concerns continue to impact business results — 67% of respondents said their company had to delay or slow down application development due to growing security concerns. Additionally, the complexity of Kubernetes and container environments is a factor that some companies are still struggling to master.
DevSecOps practices are commonly used in businesses — 42% of respondents said DevSecOps initiatives have reached an advanced stage at their company. Additionally, 48% believe their organization recognizes the importance of the DevSecOps model and is at an early adoption stage, with teams collaborating to develop rules and workflows. This is a notable increase compared to last year, when only 39% of respondents said they had reached this stage.
