Over half of IT professionals have Kubernetes security concerns

Civo has published new research, finding that 53% of developers are concerned about the security of Kubernetes.

  • 8 months ago Posted in

Taken from Civo’s The Kubernetes State of Play 2022, the research found 54% of 1000 cloud developers surveyed by Civo view the complexity around Kubernetes as slowing their use of containers, an increase of 7% from the previous year. Failure to manage this complexity can often leave organizations vulnerable. When asked about other motivating factors for their security concerns around Kubernetes, just over 50% said misconfigurations and exposure were driving their concerns.

Many developers are also anxious about bad actors exploiting flaws in Kubernetes software. Almost two-thirds (66%) of developers said they were worried about the security concerns created by Kubernetes vulnerabilities. This comes at a time of concerted action by tech firms and government bodies to address this problem. Notably, the US Congress is pressing ahead with the Securing Open Source Software Act to create an industry-wide approach to tackling vulnerabilities connected to open-source software like Kubernetes.

Despite these security concerns, they come at a time of increased usage of Kubernetes. Civo found that for the first time the majority of IT professionals are using Kubernetes and containers in their daily operations, with 57% of respondents seeing an increase in the amount of Kubernetes clusters running in their organization over the last 12 months.

Mark Boost, CEO of Civo said “With any increased adoption of technology comes a heightened security risk, and rightfully an increase in concerns around vulnerabilities. Humans are still the number one factor in cybersecurity breaches, so more users will equal more threats. Bad actors are aware of the growing popularity of Kubernetes, and therefore see it as a riper target.

“Yet a lot of good work has already been done to combat this. Perhaps even more important than government legislation has been a wave of new standards and tools from the open-source community to find solutions to this problem, spearheaded by institutions like the Cloud Computing Foundation and The Open Source Security Foundation. It is essential for users to follow Kubernetes best practices, such as making configuring ports not accessible to the public. Now is the time for innovators to band together to ensure Kubernetes’ resilience can support its long-term adoption.”

To support professionals as they embark on implementing performance improvement in their enterprises, ISACA has introduced a new credentialing pathway for the latest model of its Capability Maturity Model Integration, or CMMI, with a Building Organizational Capability (BOC) course and corresponding new Practitioner Exam.
IT channel partners selling managed services are poised for robust growth in 2023, with a new forecast predicting global expansion of 12.7 percent, up from US$419 billion in 2022.
New partnership agreement enhances Infinigate security portfolio and supports Versa’s expansion into EMEA markets.
85% of UK respondents have suffered an API security incident in the last 12 months compared to an overall average of 78%.
The data we’re encrypting online today—from financial and personal identification information to military operations and intelligence data—could be quickly decrypted in the future by an adversary with access to a cryptographically relevant quantum computer. To drive progress toward broader understanding and public adoption of post-quantum cryptography (PQC) and the National Institute of Standards and Technology’s (NIST) PQC algorithms, a community of technologists, researchers, and expert practitioners launched the PQC Coalition. Founding coalition members include IBM Quantum, Microsoft, MITRE, PQShield, SandboxAQ, and University of Waterloo.
New AWS & CrowdStrike Cybersecurity Startup Accelerator will provide disruptive next generation cybersecurity EMEA startups with mentorship, partnership and funding opportunities.
Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost.
Harmony Email and Collaboration offers cloud email security and SaaS collaboration applications, ensuring thorough protection for Microsoft 365, Google Workspace, and other collaboration and file-sharing apps. Tailored for cloud email settings, Harmony Email and Collaboration acts as a shield, stopping threats before they reach the user's mailbox.