Unraveling the State of Kubernetes Security in 2023

May 24, 2023

Oshrat Nir
Developer Advocate

ARMO addresses 76% of key concerns highlighted in the Red Hat 2023 Report.

We analyzed one of our favorite annual reports – the Red Hat State of Kubernetes security report 2023. It’s chock full of really interesting data on one of our favorite topics: Kubernetes security! (Who knew?!)

In this post we’re going to unpack some of the most compelling data points, and compare them to previous years. We’ll also share some of our own insights and perspective on how this impacts you as a Kubernetes user.

State of Kubernetes security – TL;DR

If we had to summarize the report in the few short bullets that should matter to you, these are probably the primary takeaways from the data:

  • Concern about misconfigurations has decreased compared with the previous two years. It has evolved into a more practical worry about how misconfigurations translate into actual attacks and failed compliance, and that concern is rising.
  • The good news is that incidents and issues related to misconfiguration are down. This shows that the industry has matured considerably in securing configurations.
  • Specific concern about vulnerability counts is consistent with previous years (does this mean we’re in CVE Shock?).
  • However, runtime incidents and vulnerabilities are on the rise. This has resulted in more deployments being delayed for security reasons, much more so than in the past.
  • Finally, there is a consensus that responsibility for Kubernetes security is widely spread throughout organizations. This suggests that dedicated security teams are becoming more involved, mostly in an advisory capacity to the many teams that must attend to their own piece of security.

Quick snapshot of the data across the years

Have you ever delayed or slowed down application deployment into production due to container or Kubernetes security concerns?

| Answer | 2023 | 2022 | 2021 |
|---|---|---|---|
| Yes | 67% | 55% | 55% |
| No | 33% | 45% | 45% |

In the past 12 months, what security incidents or issues related to containers and/or Kubernetes have you experienced?

| Answer | 2023 | 2022 | 2021 |
|---|---|---|---|
| Misconfiguration | 45% | 53% | 59% |
| Security incident during runtime | 49% | 30% | 32% |
| Major vulnerability to remediate | 42% | 38% | 31% |
| Failed audit | 27% | 22% | 20% |

What is your biggest concern about your company’s container strategy?

| Answer | 2023 | 2022 | 2021 |
|---|---|---|---|
| It isn’t taking security seriously or investing in security adequately | 38% | 31% | 45% |
| It is progressing too slowly | 25% | 22% | 15% |
| It doesn’t account for compliance needs | 14% | 6% | 14% |
| It doesn’t address skills gaps on our team | 13% | 20% | |
| It doesn’t account for cultural or process changes | 10% | 12% | |

What role at your company is most responsible for container and Kubernetes security?

| Answer | 2023 | 2022 | 2021 |
|---|---|---|---|
| Ops (architect, platform, infrastructure, SRE, cloud) | 20% | 16% | 21% |
| DevOps | 18% | 43% | 27% |
| DevSecOps | 15% | 19% | 18% |
| Security (cloud security, security eng., InfoSec) | 28% | 16% | 18% |
| Developer | 20% | 6% | 15% |

Do you have a DevSecOps initiative in your organization?

| Answer | 2023 | 2022 | 2021 |
|---|---|---|---|
| Yes – advanced stage | 45% | 27% | 25% |
| Yes – early stage | 39% | 50% | 49% |
| No | 17% | 22% | 26% |

Of the following risks, which one are you most worried about for your container and Kubernetes environments?

| Answer | 2023 | 2022 | 2021 |
|---|---|---|---|
| Vulnerabilities | 30% | 28% | 31% |
| Misconfigurations/exposures | 28% | 46% | 47% |
| Attacks | 25% | 16% | 13% |
| Failing compliance (SOC2, PCI, HIPAA, etc.) | 18% | 9% | 8% |

Let’s take a closer look at this last question from the table above.

Kubernetes security and ARMO

ARMO invests a lot of effort in addressing the real security concerns of organizations deploying Kubernetes to production. This is highlighted by the fact that ARMO covers 76% of the concerns highlighted in the report.

  • 30% most concerned about Vulnerabilities – The team at ARMO realizes that identifying, tracking and assessing vulnerabilities is extremely time-consuming. As such, ARMO Platform offers an easy and automated way to assess and prioritize them. Kubescape (the OSS engine that powers ARMO Platform) excels in head-to-head benchmarking against other commercial and OSS Kubernetes security tools. See this excellent post by the Jit Security Research team that benchmarked Kubescape vs. other popular tools for coverage and accuracy. In addition, ARMO recently rolled out a Relevancy feature that adds another layer of focus to CVE prioritization. It helps identify the CVEs that need to be fixed first in order to make the greatest impact on an organization’s Kubernetes security posture.
  • 28% most worried about Misconfigurations – This is next on the list of risks that respondents are most concerned about. Kubescape is constantly being updated with security controls that catch and remediate common misconfigurations encountered in the wild.
  • 18% most troubled by Compliance – Concern for compliance doubled (!!) since last year (9%). Kubescape helps companies stay compliant with the most common Kubernetes security best practices by embedding industry-standard frameworks like the CIS Kubernetes Benchmark, NSA, and MITRE ATT&CK in its security scanning. Using ARMO Platform, teams can assess compliance and drift over time.

This means that THREE of the top risks that concern developers and security practitioners today with regards to Kubernetes security can be managed with a single pane of glass, and a holistic view.

Figure: Kubernetes security risks: 3 top concerns (Source: Red Hat State of Kubernetes Security, 2023)

It’s interesting to note that while the majority of companies with misconfiguration concerns indicate that they are constantly taking steps to address them (page 11), the problem is still not easily solved. The friction is concentrated on remediation. That is why ARMO has focused a lot of attention on deeply embedding remediation capabilities: integrations with common DevOps tooling, assisted remediation, and auto-remediation directly in GitHub through fix PRs that carry a practical solution.

The extensive vulnerability and misconfiguration coverage is made possible by the number of controls available out of the box: more than 200 controls (the most available on the market today), based on the industry standards noted above. These controls are also the backbone of ARMO Platform’s continuous compliance capabilities.

Security practitioners can monitor Kubernetes clusters with confidence using dashboards that indicate drift and provide immediate notifications of misconfigurations and new vulnerabilities. This comprehensive solution includes contextual security data, offering both informative and actionable insights. Best of all, it eliminates the need for extensive manual effort or building from scratch.

Conclusion

The Red Hat State of Kubernetes Security report 2023 highlights the evolving landscape of Kubernetes security. While concerns have shifted towards actual attacks and compliance failures, concerns related to misconfigurations have decreased. Vulnerability counts remain a consistent concern, and runtime incidents and vulnerabilities are on the rise, leading to more delayed deployments. 

ARMO Platform is a comprehensive solution that covers 76% of the concerns raised in the report. It offers automated vulnerability assessment and remediation of misconfigurations. It provides dashboards, immediate notifications, and contextual security data for holistic monitoring of Kubernetes clusters. With this Kubernetes security tool, organizations can navigate Kubernetes security with confidence, ensuring hardened and compliant infrastructure.
