Red Hat recently released its State of Kubernetes Security report for 2024. The report shows that as the popularity of Kubernetes grows, the more important security planning and tooling becomes.

The report delivers insights into the following:

• Specific security risks facing organizations and the steps they are taking to mitigate these risks.
• The types and frequencies of security incidents that organizations experience in Kubernetes environments.
• The distribution of Kubernetes security responsibilities across the organization.
• Guidance for reducing risks throughout application lifecycles.

Security incidents can occur in all phases of the application lifecycle, and can be caused by a variety of issues. Despite the popularity of Kubernetes, many organizations are still cautious in their approach. Forty-two percent (42%) of respondents cite security as a top concern with container and Kubernetes strategies, noting the difficulties that can surface as security incidents, vulnerabilities, and misconfigurations at different stages of the application lifecycle.

Current container strategies present security-related concerns, with 42% of respondents suggesting that their company does not have sufficient capabilities in place to help address container security and related threats, particularly in light of the increased complexity that comes with modern computing environments.

Security issues continue to impact business outcomes, with 67% of respondents indicating that their companies delayed or slowed application development as a result of rising security concerns. The complexity of container-based Kubernetes environments is also a factor with which some organizations still struggle.

DevSecOps practices are common across organizations, with 42% of respondents reporting DevSecOps initiatives in an advanced stage in their organization. Meanwhile, 48% of respondents say their organization values DevSecOps and is in the early adoption stage, with teams collaborating on policies and workflows. This marks a notable improvement from last year, when only 39% of respondents reported being at this stage.

For the 2024 report, Red Hat surveyed 600 DevOps, engineering, and security professionals from the U.S., U.K., and English-speaking countries in Asia Pacific to identify trends in containers, Kubernetes, and cloud-native security. Data was collected through online and phone interviews in December 2023 and January 2024.