Kubernetes security report finds people have no idea how to use Kubernetes
The company polled 300 DevOps, engineering, and security professionals for the paper, and found that 55% postponed launching an app because of security concerns.
Almost all (93%) have had at least one security incident in their Kubernetes environment in the last 12 months, with a third (31%) suffering either revenue loss, or customer loss.
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.
“Kubernetes and containers, while powerful, were designed for developer productivity, not necessarily security,” the report says. “Default pod-to-pod network settings, as an example, allow open communication to quickly get a cluster up and running, at the expense of security hardening.”
Complex environments lead to misconfigurations, and misconfigurations lead to endpoint security incidents.
“Despite extensive media attention over cyberattacks, the report highlights that it’s actually misconfigurations that keep IT professionals up at night,” Ajmal Kohgadai, Red Hat product marketing manager, said.
“Kubernetes is highly customizable, with various configuration options that can affect an application’s security posture. Consequently, respondents worry the most about exposures due to misconfigurations in their container and Kubernetes environments (46%) – nearly three times the level of concern over attacks (16%).”
> Microsoft is working on a whole new kind of Kubernetes
> Hackers have found yet another way to attack Kubernetes clusters
> NSA, CISA: Here’s how we can properly secure Kubernetes
It barely hurts Kubernetes’ image or popularity, though. The open-source container orchestration software is being used, or considered, by 96% of organizations, last year’s Cloud Native Computing Foundation report states.
Red Hat is looking to tackle the issue of human error by minimizing human interaction through automation, and has, to that end, acquired StackRox last year. “The StackRox project aims to help simplify DevSecOps by integrating security capabilities within the development and deployment lifecycle, effectively shifting application security “to the left” in software creation,” the company said at the time.
- Prevent security incidents with the best firewalls around