The State of Kubernetes Security in 2024

The State of Kubernetes Security for 2024 report shows us that as the popularity of Kubernetes grows, the more important security planning and tooling becomes. Our annual report examines some of the most common cloud-native security challenges and business impacts that organizations face today, helping us to better understand their practices and priorities.

The report is based on a survey of 600 DevOps, engineering and security professionals around the world in organizations ranging from small companies to large enterprises. It delivers insights into the following:

• Specific security risks facing organizations and the steps they are taking to mitigate these risks.
• The types and frequencies of security incidents that organizations experience in Kubernetes environments.
• The distribution of Kubernetes security responsibilities across the organization.
• Guidance for reducing risks throughout application lifecycles.

Check out some of the highlights below and download the full report to learn more about the findings, as well as learn three tips for increasing the security of your cloud-native environments.

Security incidents can occur in all phases of the application lifecycle, and can be caused by a variety of issues. Despite the popularity of Kubernetes, many organizations are still cautious in their approach. Forty-two percent (42%) of respondents cite security as a top concern with container and Kubernetes strategies, noting the difficulties that can surface as security incidents, vulnerabilities, and misconfigurations at different stages of the application lifecycle.

Current container strategies present security-related concerns, with 42% of respondents suggesting that their company does not have sufficient capabilities in place to help address container security and related threats, particularly in light of the increased complexity that comes with modern computing environments.

Security issues continue to impact business outcomes, with 67% of respondents indicating that their companies delayed or slowed application development as a result of rising security concerns. The complexity of container-based Kubernetes environments is also a factor with which some organizations still struggle.

DevSecOps practices are common across organizations, with 42% of respondents reporting DevSecOps initiatives in an advanced stage in their organization. Meanwhile, 48% of respondents say their organization values DevSecOps and is in the early adoption stage, with teams collaborating on policies and workflows. This marks a notable improvement from last year, when only 39% of respondents reported being at this stage.