Human error and misconfigurations primary source of Kubernetes security snafus, report says

StackRox, a provider of cloud-native, container and Kubernetes security, warned in its previous report that the security implications for Kubernetes were beginning to spill over to adoption – and the release of its updated winter study have proved the company right.The paper, the winter edition of its State of Container and Kubernetes Security Report, was put together alongside 451 Research and polled more than 500 industry professionals.94% of those polled said they had experienced security incidents in their container environments during the previous 12 months. As is frequently the case with other cloud security snafus, human error – in this case misconfigured containers – can be found as a root cause, a trend which StackRox said was ‘alarmingly common.More than two thirds (69%) of those polled said they had experienced a misconfiguration incident; just over a quarter (27%) found a security incident during runtime, with a similar number (24%0 having a major vulnerability to remediate.
86% of respondents said they were running containerised applications in Kubernetes the same number as in the spring survey. However, the way Kubernetes is being used is changing rapidly, as more organisations put trust in the hyperscalers managing their workloads. Just over a third (35%) of respondents said they manage Kubernetes directly today – down from 44% six months ago – with more respondents (37%) using Amazon EKS. More than one in five (21%) say they use Azure AKS and Google GKE, with both representing a significant increase from spring.In a similar theme, maturation is increasing in terms of cloud-only environments. While hybrid deployments remain more popular 46% compared to 40% for cloud-only it represented a big drop from the 53% who cited it six months ago. For cloud-only, organisations remain predominantly trusting a single cloud, although multi-cloud deployments are becoming more popular.