Almost all organizations worldwide experienced at least one security incident related to containers or Kubernetes in the past year.

Nearly half (46%) of all organizations worldwide lost revenue or customers in the past year due to security incidents related to containers or Kubernetes. In addition, a third of companies (30%) were fined. Red Hat’s latest State of Kubernetes Security Report shows that 89 percent of organizations had at least one container or Kubernetes-related incident in the past year.

Kubernetes and containers increase software complexity by adding new layers, which introduces security risks to critical infrastructure. The survey shows that IT professionals are most concerned about vulnerabilities in container environments (33%), misconfigurations (27%) and external attacks (24%). In particular, professionals are most concerned about coding errors (36%), public sensitive data (34%) and poor network security (32%).

Investments and responsibilities

Despite the risks, 42 percent of respondents say their organization does not invest enough in container security. Security is often seen as a shared responsibility. Only a third of organizations (34%) place Kubernetes security on the security team. In half of the cases, responsibility lies primarily with operational teams such as Ops (18%), DevOps (17%) and DevSecOps (15%).

Containers and Kubernetes can accelerate application development in hybrid clouds. To do this securely without sacrificing speed and ease of use, Red Hat offers three tips for successful Kubernetes security:

• Use security measures designed specifically for Kubernetes.
• Extend security across all application lifecycles.
• Implement tools that support DevSecOps.

The report’s findings underscore the importance of good security planning and tools given the increasing popularity of Kubernetes.