Kubernetes Security: Top 25 Stats from Red Hat Security Report 2023
The State of Kubernetes Security Report 2023 from Red Hat presents the findings from an annual survey on cloud-native security, focusing on containerized workloads and Kubernetes. The report is based on a survey of 600 professionals from across the globe and uncovers common security challenges organizations face on their cloud-native adoption journey, including risks to their software supply chain and their applications at runtime.
The report also identifies the types of security incidents experienced in Kubernetes environments and provides best practices and guidance for application development and security teams. One of the key takeaways from the report is the importance of DevSecOps, which involves integrating and automating security throughout the software development life cycle. The report also provides tips for achieving better security in Kubernetes environments. Here are the 25 key stats worth mentioning:
- 67% of companies have delayed or slowed down deployment due to a security issue.
- 37% of respondents identified revenue/customer loss as a result of a container and Kubernetes security incident.
- 90% of respondents experienced at least one security incident in the last 12 months.
- 49% of respondents experienced a security incident during runtime.
- 45% of respondents detected a misconfiguration in their Kubernetes environment.
- 38% of respondents either think security isn’t taken seriously enough or security investment is inadequate.
- Only 28% of respondents consider their Security Team as the role most responsible for container and Kubernetes security.
- Nearly half (45%) of respondents have reached an advanced stage of DevSecOps integration, where security is integrated and automated throughout the software development life cycle (SDLC).
- More than 50% of respondents are worried about misconfigurations and vulnerabilities in their container and Kubernetes environments.
- 35% of respondents worry the most about software vulnerabilities related to their software supply chain.
- 67% of companies have delayed or slowed down deployment due to a security issue.
- 21% of respondents said that a security incident led to employee termination, and 25% said the organization was fined.
- 37% of respondents identified revenue/customer loss as a result of a container and Kubernetes security incident.
- 44% of respondents experienced project delays due to containers/Kubernetes security or compliance issues or incidents.
- 39% of respondents experienced a negative impact to product success due to containers/Kubernetes security or compliance issues or incidents.
- 25% of respondents experienced fines due to containers/Kubernetes security or compliance issues or incidents.
- 21% of respondents experienced employee termination due to containers/Kubernetes security or compliance issues or incidents.
- 49% of respondents experienced a security incident during runtime in their container and/or Kubernetes environments in the past 12 months.
- 45% of respondents detected a misconfiguration in their container and/or Kubernetes environments in the past 12 months.
- 42% of respondents had to remediate a major vulnerability in their container and/or Kubernetes environments in the past 12 months.
- 27% of respondents failed an audit due to containers/Kubernetes security or compliance issues or incidents in the past 12 months.
- 38% of respondents cite security as a top concern with their container and Kubernetes strategies.
- Less than a third (28%) of respondents consider the Security Team to be responsible for Kubernetes security.
- Nearly half (45%) of respondents have a DevSecOps initiative in an advanced stage, where they are integrating and automating security throughout the life cycle.
- Another 39% understand the value of DevSecOps and are in the early stage of adoption, with DevOps and Security collaborating on joint policies and workflows.
These statistics provide valuable insights into the state of Kubernetes security and the challenges organizations face in securing their cloud-native environments.
The report also mentions that these incidents can result in loss of talent, knowledge, and experience, as well as financial burdens and negative publicity. Delays in critical projects or product releases due to security breaches can also slow business growth and result in lost revenue, customer dissatisfaction, or loss of market share.
Download the full report here.