Despite Kubernetes still being a relatively young technology, adoption rates have soared over the past several years as the container orchestration platform has become the cornerstone for many digital transformation initiatives.
Even as organisations settle in with their use of the technology in production, however, there still remains concern around the best ways to secure containerised workloads.
This is according to Red Hat’s The State of Kubernetes Security for 2023 report, which looked at the specific security risks organisations face regarding cloud-native development, including risks to their software supply chain, and how they mitigate these risks to protect their applications and IT environments.
The report is based on a survey of 600 DevOps, engineering and security professionals from across the globe and uncovers some of the most common security challenges organizations face on their cloud-native adoption journey and their impact on the business.
Findings show that 38% of respondents state that security investment in containerised operations is inadequate, a 7% increase from 2022.
Two-thirds (67%) of respondents have had to slow down cloud-native adoption due to security concerns, and more than half have experienced a software supply chain issue related to cloud-native and containerized development in the past 12 months.
The latest survey shows that 38% of respondents stating security isn’t taken seriously enough or security investment is inadequate — up 7% over just last year. Red Hat found that while adoption rates continue to grow, such growth hasn’t always been followed by the same growth in security investments.
Red Hat said that cloud-native solutions require cloud-native security solutions, which can — and should — often include a DevSecOps approach. IT teams need to focus on selecting and implementing security tools that provide feedback and guardrails in the CI/CD application pipeline as well as the infrastructure pipeline.
Organisations need to plan for this transition as part of their transformation initiatives and not just rely on existing solutions, which often require substantial tailoring or adjustment to meet the rigors of cloud-native computing.
For Red Hat, one of the best ways to overcome the investment and adoption gap is by investing in cloud-native tools with security baked in, rather than it being an add-on.
With security integrated into the solution — from the operation system foundation to the application level — organisations don’t have to find additional money in the budget for security solutions that align with their latest technologies.