SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
IT professionals concerned over the security of Kubernetes
Wed, 25th Jan 2023
FYI, this story is more than a year old

New research has revealed that more than half of IT professionals have concerns over the security of Kubernetes.

Civo, a pure play cloud-native service provider powered only by Kubernetes, has announced new research, finding that 53% of developers are concerned about the security of Kubernetes.

Taken from Civos The Kubernetes State of Play 2022, the research found 54% of some 1000 cloud developers surveyed by Civo view the complexity around Kubernetes as slowing their use of containers, an increase of 7% from the previous year. 

According to the report, failure to manage this complexity can often leave organisations vulnerable. When asked about other motivating factors for their security concerns around Kubernetes, just over 50% said misconfigurations and exposure were driving their concerns.

The research found many developers are also anxious about bad actors exploiting flaws in Kubernetes software. Almost two-thirds (66%) of developers said they were worried about the security concerns created by Kubernetes vulnerabilities, the research shows. 

Civo says this comes at a time of concerted action by tech firms and government bodies to address this problem. Notably, the US Congress is pressing ahead with the Securing Open Source Software Act to create an industry-wide approach to tackling vulnerabilities connected to open-source software like Kubernetes.

Despite these security concerns, they come at a time of increased usage of Kubernetes. Civo found that for the first time the majority of IT professionals are using Kubernetes and containers in their daily operations, with 57% of respondents seeing an increase in the amount of Kubernetes clusters running in their organisation over the last 12 months.

"With any increased adoption of technology comes a heightened security risk, and rightfully an increase in concerns around vulnerabilities," says Mark Boost, chief executive officer at Civo. 

"Humans are still the number one factor in cybersecurity breaches, so more users will equal more threats," he says. 

"Bad actors are aware of the growing popularity of Kubernetes, and therefore see it as a riper target." 

However Boost says a lot of good work has already been done to combat this issue. 

"Perhaps even more important than government legislation has been a wave of new standards and tools from the open-source community to find solutions to this problem, spearheaded by institutions like the Cloud Computing Foundation and The Open Source Security Foundation," he says. 

"It is essential for users to follow Kubernetes best practices, such as making configuring ports not accessible to the public. 

"Now is the time for innovators to band together to ensure Kubernetes resilience can support its long-term adoption."