Over Half of Users Report Kubernetes/Container Security Incidents

Cloud native development practices are creating dangerous new security blind spots for organizations in the US, UK, France and Germany, according to a new study from Venafi.

The machine identity specialist polled 800 security and IT leaders from large organizations based in these four countries to compile its latest report: The Impact of Machine Identities on the State of Cloud Native Security in 2023.

It revealed that 59% of respondents have experienced security incidents in their Kubernetes or container environments – with network breaches, API vulnerabilities and certificate misconfigurations the main culprits.

Nearly a third (30%) of these organizations claimed this incident led to a data breach or network compromise. This can have serious knock-on effects: a third (33%) had to delay an application launch, 32% experienced disruption to their application service and 27% suffered a compliance violation as a result.

Read more on cloud native risks: Misconfigs and Unpatched Bugs Top Cloud Native Security Incidents

Potential skills and awareness gaps in this area loom large. Nearly all (90%) respondents argued that security teams need to increase their understanding of cloud native environments to keep applications secure, while 59% of those who migrated to the cloud admitted they didn’t understand the security risks of doing so.

“Cloud native is the way of the future, enabling highly scalable, flexible and resilient applications that can deliver a competitive edge – in a few years, almost everything will be running on cloud native architecture,” argued Matt Barker, global head of cloud native services at Venafi.

“But amid the rush to transition to these modern environments, many organizations are underestimating the work needed to deliver efficiency and security. As organizations continue to move more critical workloads into cloud native environments, they need to ensure they close these gaps, or we will see even more breaches and outages.”