Kubernetes appears to be a security nightmare because it’s very complex to use and the people tasked with it are struggling to cope, according to a Red Hat report.
The company surveyed 300 DevOps, engineering, and security professionals for the paper and found that 55% delayed launching an app because of security concerns.
Almost all (93%) have had at least one security incident in their Kubernetes environment in the last 12 months, with a third (31%) experiencing either lost revenue or lost customers.
Misconfigurations
“Kubernetes and containers, while powerful, were built for developer productivity, not necessarily security,” the report states. “For example, standard pod-to-pod network settings allow open communication to get a cluster up and running quickly, at the expense of security hardening.”
Complex environments lead to misconfigurations, and misconfigurations lead to endpoint security incidents.
“Despite widespread media attention about cyberattacks, the report highlights that it is indeed misconfigurations that are keeping IT pros up at night,” said Ajmal Kohgadai, product marketing manager at Red Hat.
“Kubernetes is highly customizable, with various configuration options that can impact an application’s security posture. As a result, respondents are most concerned about misconfiguration vulnerabilities in their container and Kubernetes environments (46%)—almost three times as concerned about attacks (16%).”
However, this has hardly harmed the image or popularity of Kubernetes. The open-source container orchestration software is being used or considered by 96% of organizations, according to last year’s Cloud Native Computing Foundation report.
Red Hat seeks to address human error by minimizing human interaction through automation, and last year acquired StackRox to do so. “The StackRox project aims to help simplify DevSecOps by embedding security features into the development and deployment lifecycle, effectively shifting application security ‘to the left’ in software building,” the company said at the time.
Above: The registry