Register for our next webcast - securing containers and Kubernetes with StackRox Save My Seat >
{ .link_text }}

Kubernetes and Container Security and Adoption Trends

We examine how companies are adopting containers, Kubernetes, and cloud-native technologies and addressing their security challenges

Download Report Now

Overview

In this edition of our “State of Container and Kubernetes Security” report, we uncovered that security and compliance challenges remain a top concern in container strategies and 90% of respondents experienced a security incident in their container and Kubernetes environments over the last 12 months. Consequently, 44% of respondents have delayed moving an application into production because of security concerns. These findings come from our survey of more than 400 IT and security professionals.

 

Kubernetes adoption hits a new high

Our survey results indicate widespread adoption of Kubernetes (91%), especially in production environments (75%). Supported by a robust community of contributors, Kubernetes has taken significant market share away from other container management tools such as Docker Swarm and Amazon Elastic Container Service (ECS).

 

Self-managed Kubernetes is the most common approach to managing containers

How Kubernetes is deployed continues to evolve. Self-managed Kubernetes is the most common way to orchestrate containers (50%). Amazon EKS and Azure AKS continue to dominate the market for managed Kubernetes services, with adoption rates of 44% and 31%. Red Hat OpenShift is the fourth most used container orchestrator. The only non-Kubernetes orchestrator remaining in the top five is Amazon ECS, which continues to lose market share at a rapid pace.

 

Security tops the list of concerns with container strategies

Inadequate investment in security leads the list of concerns users cite about their company’s container strategy (34%). When combined with not taking threats seriously (15%) and not accounting for compliance needs (17%), two-thirds of respondents identify security and compliance as their biggest source of concern.

 

Get the full report

Download the report for an in-depth analysis of container and Kubernetes security and adoption trends

Download Report Now

Most organizations have a DevSecOps initiative

DevSecOps is not just a buzzword - the term encompasses the processes and tooling that enables security to be integrated with application development and operations from the get go. Our survey found good news on this front - the vast majority of respondents say they have some form of DevSecOps initiative underway. Only 17% of respondents continue to operate DevOps separate from security.

 

Human error causes majority of security incidents in Kubernetes

A staggering 90% of survey respondents have experienced a security incident in their Kubernetes and container environments during the last 12 months. Data breaches and exposures often result from human error. Not surprisingly, 67% of respondents have experienced a misconfiguration incident. Another 22% reported a major vulnerability to remediate, 17% detected a runtime incident, and 16% failed an audit.

 

Security concerns are inhibiting business innovation

Just as we found in our study eight months ago, nearly half of the respondents (44%) have had to delay an application rollout because of security concerns. Faster application development and release, quicker bug fixes, and increased feature velocity are three of the most often cited benefits of containerization. However, when security becomes an afterthought, you risk diminishing the greatest business gain driving containerization – agility.

 

More containers are running in production than ever before

The percentage of organizations with more than half their containers running in production jumped to 33%, an all time high. At the same time, organizations running fewer than 10% of their containers in production has fallen to 25%.

 

Responsibility for container security remains decentralized

Across various IT roles, Security is the single role most cited as responsible for securing containers and Kubernetes. But taken together, the myriad operational roles of DevOps, Ops, and DevSecOps dwarf security nearly three fold, at 61%. This distribution shows that when it comes to securing containers and Kubernetes, it takes a village.

Download the full report

Download for an in-depth analysis of containers and Kubernetes security and adoption trends

View all resources

Check out our other resources to help you build a more secure cloud-native infrastructure