Kubernetes security report finds people have no idea how to use Kubernetes

A circle of laptops connected to a cloud symbol.

(Image credit: Shutterstock/Bluebay)

Kubernetes seems to be a security nightmare because it’s super complex to use, and people tasked with using it are struggling to cope, a report from Red Hat has found.

The company polled 300 DevOps, engineering, and security professionals for the paper, and found that 55% postponed launching an app because of security concerns.

Almost all (93%) have had at least one security incident in their Kubernetes environment in the last 12 months, with a third (31%) suffering either revenue loss, or customer loss.

Misconfigurations

"Kubernetes and containers, while powerful, were designed for developer productivity, not necessarily security," the report says. "Default pod-to-pod network settings, as an example, allow open communication to quickly get a cluster up and running, at the expense of security hardening."

Complex environments lead to misconfigurations, and misconfigurations lead to endpoint security incidents.

"Despite extensive media attention over cyberattacks, the report highlights that it's actually misconfigurations that keep IT professionals up at night," Ajmal Kohgadai, Red Hat product marketing manager, said.

"Kubernetes is highly customizable, with various configuration options that can affect an application’s security posture. Consequently, respondents worry the most about exposures due to misconfigurations in their container and Kubernetes environments (46%) – nearly three times the level of concern over attacks (16%)."

> Microsoft is working on a whole new kind of Kubernetes

> Hackers have found yet another way to attack Kubernetes clusters

> NSA, CISA: Here's how we can properly secure Kubernetes

It barely hurts Kubernetes’ image or popularity, though. The open-source container orchestration software is being used, or considered, by 96% of organizations, last year’s Cloud Native Computing Foundation report states.

Red Hat is looking to tackle the issue of human error by minimizing human interaction through automation, and has, to that end, acquired StackRox last year. "The StackRox project aims to help simplify DevSecOps by integrating security capabilities within the development and deployment lifecycle, effectively shifting application security "to the left" in software creation," the company said at the time.

Prevent security incidents with the best firewalls around

Via: The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.