Kubernetes and Container Security and Adoption Trends
We examine how companies are adopting containers, Kubernetes, and cloud-native technologies and addressing their security challenges
In this edition of our “State of Container and Kubernetes Security” report, we uncovered that security and compliance challenges remain a top concern in container strategies and 90% of respondents experienced a security incident in their container and Kubernetes environments over the last 12 months. Consequently, 44% of respondents have delayed moving an application into production because of security concerns. These findings come from our survey of more than 400 IT and security professionals.
Kubernetes adoption hits a new high
Our survey results indicate widespread adoption of Kubernetes (91%), especially in production environments (75%). Supported by a robust community of contributors, Kubernetes has taken significant market share away from other container management tools such as Docker Swarm and Amazon Elastic Container Service (ECS).
Self-managed Kubernetes is the most common approach to managing containers
How Kubernetes is deployed continues to evolve. Self-managed Kubernetes is the most common way to orchestrate containers (50%). Amazon EKS and Azure AKS continue to dominate the market for managed Kubernetes services, with adoption rates of 44% and 31%. Red Hat OpenShift is the fourth most used container orchestrator. The only non-Kubernetes orchestrator remaining in the top five is Amazon ECS, which continues to lose market share at a rapid pace.
Security tops the list of concerns with container strategies
Inadequate investment in security leads the list of concerns users cite about their company’s container strategy (34%). When combined with not taking threats seriously (15%) and not accounting for compliance needs (17%), two-thirds of respondents identify security and compliance as their biggest source of concern.
Most organizations have a DevSecOps initiative
DevSecOps is not just a buzzword - the term encompasses the processes and tooling that enables security to be integrated with application development and operations from the get go. Our survey found good news on this front - the vast majority of respondents say they have some form of DevSecOps initiative underway. Only 17% of respondents continue to operate DevOps separate from security.
Human error causes majority of security incidents in Kubernetes
A staggering 90% of survey respondents have experienced a security incident in their Kubernetes and container environments during the last 12 months. Data breaches and exposures often result from human error. Not surprisingly, 67% of respondents have experienced a misconfiguration incident. Another 22% reported a major vulnerability to remediate, 17% detected a runtime incident, and 16% failed an audit.
Security concerns are inhibiting business innovation
Just as we found in our study eight months ago, nearly half of the respondents (44%) have had to delay an application rollout because of security concerns. Faster application development and release, quicker bug fixes, and increased feature velocity are three of the most often cited benefits of containerization. However, when security becomes an afterthought, you risk diminishing the greatest business gain driving containerization — agility.
More containers are running in production than ever before
The percentage of organizations with more than half their containers running in production jumped to 33%, an all time high. At the same time, organizations running fewer than 10% of their containers in production has fallen to 25%.
Responsibility for container security remains decentralized
Across various IT roles, Security is the single role most cited as responsible for securing containers and Kubernetes. But taken together, the myriad operational roles of DevOps, Ops, and DevSecOps dwarf security nearly three fold, at 61%. This distribution shows that when it comes to securing containers and Kubernetes, it takes a village.