Freely subscribe to our NEWSLETTER

“One of the most consistent results we get on our own surveys of DevOps and cloud-native security technologies is how important security is for those environments,” said Fernando Montenegro, principal analyst at 451 Research. “It is interesting to see how this observation fits well with the StackRox study, highlighting the need for both engineering and security professionals to have visibility and then properly deploy security controls and practices for container and Kubernetes environments.”

Nearly all – 94 percent – of the respondents have experienced security incidents in their container environments in the past 12 months
Data breaches and exposures due to human error, such as misconfigured containers and Kubernetes deployments, have become alarmingly common. Among those reporting security incidents, the majority – 69 percent – experienced a misconfiguration incident, while 27 percent reported a security incident during runtime and 24 reported having had a major vulnerability to remediate (respondents could select as many responses as applied).

Exposures due to misconfigurations dwarf all other security concerns
In this third edition of the StackRox report, respondents once again identified exposures due to misconfigurations as the most worrisome security risk for their container and Kubernetes environments, with 61 percent citing this concern. Only 27 percent cited vulnerabilities as their main concern, and just 12 percent worry most about attacks at runtime. This data speaks to the importance of configuration management in securing container and Kubernetes environments – the flexibility of these powerful platforms brings its own challenges.

Managed Kubernetes services have enjoyed major growth

Of the respondents running containerized applications, Kubernetes is being used by 86 percent – the same as the Spring 2019 survey showed. However, the way Kubernetes is being used has changed dramatically. No longer is self-managed the most dominant way to run Kubernetes – 37 percent of respondents cited using Amazon EKS compared to 35 percent managing Kubernetes themselves, down from 44 percent in Spring 2019. Use of both Azure AKS and Google GKE also climbed, with each cited by 21 percent of respondents.

Hybrid deployments dropped while cloud-only environments grew

Hybrid deployments remain more popular than cloud-only deployments, at 46 percent compared to 40 percent. But hybrid deployments saw a big drop from our survey six months ago, when they represented 53 percent of respondents. Of the cloud-only deployments, multi-cloud gained steam, increasing from 9 percent to 13 percent, but single-cloud use still dominates, at 27 percent for cloud only plus another 24 percent running on prem and in a single cloud provider. On-prem-only deployments have fallen dramatically since the first survey in Fall 2018, from 31 percent to just 14 percent today.

Skill shortages and a steep learning curve present the biggest Kubernetes challenges

Knowledge of Kubernetes is impacting more than 60 percent of respondents, with 33 percent citing an internal skills gap and another 28 percent identifying the steep learning curve as the most significant Kubernetes challenge their organization is facing. Only 15 percent cited executive understanding as their main difficulty, indicating that the business side of organizations understands and has bought into the benefits of Kubernetes.

Other key survey findings:

• For the third time in a row, security leads the list of top concerns users have about container strategies.
• Container security strategies continue to mature, with the percentage of respondents who lacked any form of security strategy dropping 68 percent, from 19 percent to just 6 percent.
• Despite misconfigurations topping the list of concerns and incidents, respondents remain most concerned about the runtime phase of the container life cycle (56 percent) vs. build and deploy.
• The percentage of organizations with fewer than 10 percent of their containers running in production fell from 39 percent to 28 percent.

“Our survey data affirms what we hear anecdotally from customers, that security has become a high priority as customers seek to deploy containers and Kubernetes applications in production,” said Kamal Shah, CEO of StackRox. “Organizations have executive buy in – the challenge is understanding the security and compliance requirements so that they can be addressed early in the application development life cycle and prevent delays to application deployment.”

About the StackRox Container and Kubernetes Security Report
StackRox surveyed more than 540 IT professionals for this third version of its industry-first report. Roughly 25 percent of respondents serve in security or compliance roles, 20 percent in operations, and 45 percent in product development and engineering roles. Nearly half of the respondents report working in large companies of more than 5,000 employees. In this edition, respondents from high-tech and financial services companies dominated the survey.