 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
The entire cloud native world revolved around Kubernetes, but it’s not even 10 years old yet. But, while its adoption rate has skyrocketed, concerns about securing containerized workloads persist. Red Hat‘s The State of Kubernetes Security for 2023 report delves into cloud native development security risks.
Based on a global survey of 600 DevOps, engineering, and security professionals, this report uncovers common security challenges in cloud native adoption and their business impact. More than just the usual report of what people are saying and thinking, the report also covers best practices and guidance for secure application development.
But the report’s key findings are worrying:
This is not good. Adoption rates continue to grow, but security investments have not kept pace.
So, Red Hat recommends that organizations should invest in cloud native tools with built-in security to address this gap. IT teams need to focus on selecting and implementing security tools that provide feedback and guardrails in the CI/CD application pipeline and infrastructure pipeline. In other words, you should shift left with security whenever possible.
Specifically, cloud native security solutions should include a DevSecOps approach.
With 67% of respondents delaying or slowing down application deployment due to security concerns, these issues are seriously interfering with business.
Worse still, security incidents have led to employee terminations for 21% of respondents and fines for 25%. Revenue or customer loss was reported by 37% of respondents as a result of a container and Kubernetes security incident. You can’t afford these kinds of mistakes. They cost real money and can wreck your company’s reputation.
On the flip side, by prioritizing security early in a cloud native strategy, organizations can protect business assets, meet regulatory requirements, drive business continuity, maintain customer trust, and reduce the cost of remediating security issues.
In addition, users are figuring out that software supply chain security is a growing concern. Sonatype reported a 742% average annual increase in software supply chain attacks over the past three years. The top three concerns for survey respondents were vulnerable application components (32%), insufficient access controls (30%), and a lack of software bill of materials (SBOM) or provenance (29%). How bad is it? More than half of the respondents have experienced virtually every issue identified in the survey.
However, many organizations are making strides to better secure their software supply chains by adopting a comprehensive DevSecOps approach. Nearly half of the respondents already have an advanced DevSecOps initiative, and 39% are in the early stages of adoption. By focusing on software component security early in the development lifecycle and automating security integration using DevSecOps practices, organizations can transition from inconsistent manual processes to consistent, repeatable, and automated operations.
Well, that’s the hope anyway. Clearly, these security issues must be addressed. If not, then cloud native-oriented companies are going to face serious business headwinds in the days to come.
