Unraveling the State of Kubernetes Security in 2024

Aug 6, 2024

Oshrat Nir
Developer Advocate

We explored the Red Hat State of Kubernetes security report 2024, one of our favorite yearly reports. It’s jam-packed with incredibly fascinating information about one of our favorite subjects—Kubernetes security. Imagine that!

In this post we’ll review some of the more interesting data points and contrast them with results from prior years. We’ll also discuss our own perspectives and observations on how this affects you as a Kubernetes user. Finally, we’ll show how ARMO addresses 100% of the key concerns highlighted in the report.

State of Kubernetes Security – TL;DR

The following are perhaps the most important conclusions to draw from the data:

  • Concern about misconfigurations continues to decrease year over year. However, it still remains a practical worry and a top concern for many. This is based on the understanding that incorrectly configured components can introduce critical security issues across entire environments. 
  • Concern for vulnerability counts is trending upwards year over year. Vulnerabilities are recognized as the highest risk aspect of software supply chains. They can result in security incidents such as data breaches and malware execution. Organizations are aware that mitigating vulnerabilities is complex. Automated, continuous security scanning can help teams proactively address them before exploitation.
  • While the number of runtime incidents is dropping, it is still not at the levels seen in 2021-2022, and a majority of respondents said they experienced at least one container or Kubernetes security incident in the last 12 months. This indicates improvements in security at build-time (shift-left). However, even a single breach can have devastating effects on organizations and individuals. These include revenue loss, fines and employee termination.
  • The good news is that most organizations surveyed recognize the value of DevSecOps and are fostering collaboration between DevOps and security teams. Mature organizations are integrating and automating security tools and processes, while emerging organizations are focused on developing joint policies and workflows. This indicates a trend of organizations steadily progressing in securing their Kubernetes infrastructure and workloads.

Quick Snapshot of the Data Across the Years

| | 2024 | 2023 | 2022 | 2021 |
|---|---|---|---|---|
| Have you ever delayed or slowed down application deployment into production due to container or Kubernetes security concerns? | | | | |
| Yes | 67% | 67% | 55% | 55% |
| No | 33% | 33% | 45% | 45% |
| In the past 12 months, what security incidents or issues related to containers and/or Kubernetes have you experienced? | | | | |
| Misconfiguration | 40% | 45% | 53% | 59% |
| Security incident during runtime | 45% | 49% | 30% | 32% |
| Major vulnerability to remediate | 44% | 42% | 38% | 31% |
| Failed audit | 26% | 27% | 22% | 20% |
| What is your biggest concern about your company’s container strategy? | | | | |
| It isn’t taking security seriously or investing in security adequately | 42% | 38% | 31% | 45% |
| It is progressing too slowly | 19% | 25% | 22% | 15% |
| It doesn’t account for compliance needs | 14% | 14% | 6% | 14% |
| It doesn’t address skills gaps on our team | 11% | 13% | 20% | |
| It doesn’t account for cultural or process changes | 13% | 10% | 12% | |
| What role at your company is most responsible for container and Kubernetes security? | | | | |
| Ops (architect, platform, infrastructure, SRE, cloud) | 18% | 20% | 16% | 21% |
| DevOps | 17% | 18% | 43% | 27% |
| DevSecOps | 15% | 15% | 19% | 18% |
| Security (cloud security, security eng., InfoSec) | 34% | 28% | 16% | 18% |
| Developer | 16% | 20% | 6% | 15% |
| Do you have a DevSecOps initiative in your organization? | | | | |
| Yes – advanced stage | 42% | 45% | 27% | 25% |
| Yes – early stage | 48% | 39% | 50% | 49% |
| No | 10% | 17% | 22% | 26% |
| Of the following risks, which one are you most worried about for your container and Kubernetes environments? | | | | |
| Vulnerabilities | 33% | 30% | 28% | 31% |
| Misconfigurations/exposures | 27% | 28% | 46% | 47% |
| Attacks | 24% | 25% | 16% | 13% |
| Failing compliance (SOC2, PCI, HIPAA, etc.) | 16% | 18% | 9% | 8% |

 1. The two answers were separated this year and in 2021 and 2022; I have aggregated them here to match 2023.

Kubernetes Security and ARMO

ARMO is dedicated to addressing the genuine security concerns of businesses that use the cloud and specifically Kubernetes in production. It does so while mitigating alert fatigue in teams and inflated resource consumption, seen in some security tools. This dedication is demonstrated by ARMO Platform’s ability to address all issues highlighted in the report.

  • 33% most concerned about Vulnerabilities – The ARMO team understands that identifying, tracking, and evaluating vulnerabilities can be very time-consuming. That’s why ARMO Platform offers a simple and automated solution to assess and prioritize vulnerabilities. ARMO provides different perspectives to address vulnerabilities, whether it’s through Attack Paths to pinpoint the critical step for immediate improvement or Risk Spotlight to highlight the most immediate risks to the organization.
  • 27% most worried about Misconfigurations – This one is next on the list of risks that respondents are most concerned about. Historically, misconfigurations were remediated based on well-known industry benchmarks. This still holds true today. However, experience has shown that strict adherence to the benchmarks may, at times, undermine the functionality of the workloads running on the infrastructure. There are two ways to solve this: either through grueling trial and error or through a good understanding of the workload. ARMO has developed functionality that informs users if it is safe to change a configuration. This allows teams to easily strike a balance between security and application needs.
  • 24% most troubled by Attacks – As mentioned earlier, runtime incidents have decreased, but haven’t returned to the lower levels observed in 2021-2022. Applications are vulnerable to attack on three fronts: vulnerabilities and weaknesses that weren’t caught on the left during hardening and posture management, zero-day vulnerabilities, and malware attacks. ARMO’s Cloud Detect and Response covers all three of these, alerting and responding as attacks are discovered. Still sensitive to alert fatigue, the system collates all related alerts into a single incident that provides context and reduces the noise created by individual alerts.
  • 16% most troubled by Compliance – The concern for compliance is not significantly lower than last year and definitely not down to the levels in 2021-2022. This shows that compliance has become a fundamental requirement for many organizations. However, compliance is not “one and done”, which is why there are periodic audits. Using ARMO Platform, teams can easily assess compliance and avoid drift over time.

In summary, ARMO covers 100% of the top risks that concern developers and security practitioners today with regard to Kubernetes security. Moreover, it is managed through a single pane of glass, with a holistic view that provides value to both security and DevOps practitioners.

Source: RedHat

A fundamental technology that ARMO uses to create the context necessary to provide full coverage for all the security concerns detailed above is eBPF. ARMO has developed an eBPF-based sensor that captures runtime information about the infrastructure and the application behavior. Combining that with cloud and Kubernetes context enables ARMO Platform to create a virtuous cycle.

It enables posture management to identify security gaps and risks during runtime. Runtime, in turn, signals there are emerging high-priority attack paths and provides context for vulnerability management. Runtime context also supports hardening measures without compromising application uptime and ensures continuous compliance.

Conclusion

The 2024 Red Hat State of Kubernetes Security report highlights several evolving trends and persistent challenges in the Kubernetes security landscape. Misconfigurations, while decreasing, remain a significant concern, alongside the rising worry about vulnerabilities. The data underscore the importance of continuous security scanning and the growing adoption of DevSecOps practices to foster collaboration between development and security teams. 

ARMO’s approach to addressing these issues, through automated vulnerability management, misconfiguration alerts, and real-time attack detection, positions it as a solution of choice for organizations concerned with securing their Kubernetes environments. By leveraging advanced technologies like eBPF, ARMO ensures a holistic and proactive security posture, enabling businesses to mitigate risks effectively while maintaining operational efficiency. 

As Kubernetes continues to be a cornerstone of modern infrastructure, the insights from this report serve as a vital guide for enhancing security strategies and safeguarding critical applications.

👉 Use this checklist to see where your Kubernetes security stands 👈
