1/11/2024

OpenShift CIS benchmark

As more organizations, both small and large, begin to implement orchestrators like Kubernetes, many are faced with the same problem - security and compliance.

As all engineers know, security is typically not high on the scale of importance from the start unless something catastrophic happens. Instead, organizations are usually more worried about features. If you take a look at the “Developer to Security Engineer” ratio, it becomes quite apparent. Maybe security is looked at as too difficult to implement, and organizations need tools, platforms, or a protocol that helps developers implement security best practices in an easier way.

To think about it from a different perspective, on the opposite side of the spectrum is compliance: practices like SOC 2, HIPAA, PHI, HITRUST, and others that government, healthcare, and other sectors use to meet regulatory requirements.

In this blog post, you’ll learn about what CIS is, why it’s important, and a couple of great tools to get started with.

The Current Kubernetes Security Landscape

A recent State Of Kubernetes Security report from Red Hat came out, and although it covered a ton of great information, here are some highlights directly related to the security landscape:

- 93% of respondents experienced at least one security incident in their Kubernetes environments in the last 12 months.
- More than half of respondents (55%) have had to delay an application rollout because of security concerns.
- Around 70% of security issues in Kubernetes are due to misconfigurations (according to Gartner it’s 99%).

When you look at the percentages above, there’s a trend - security is a huge issue in the Kubernetes space.

Although Kubernetes is extremely popular and a “hot” topic in today’s cloud-native world, the number of organizations implementing it is quite low. In fact, only 10% of environments using Kubernetes have fifty (50) clusters or more. The reason why is that although Kubernetes is a popular topic, engineers and organizations are still trying to figure out how to implement it. Do they want full Kubernetes? A hybrid solution? On-prem or in the cloud? The list of questions goes on and on, and because of that, they aren’t even thinking about security.

The number of security engineers compared to the number of developers in an organization is grossly low. Security is always an afterthought, which shouldn’t be the case. For a lot of companies, it is only once the platform, features, and bugs are squared away that they start thinking about security. At that point, it’s most likely already too late. There will be so much tech debt that companies end up having to rip out 50-60% of what was built to implement security practices. Because of the lift, companies will ignore the fact that security is crucial until a catastrophic security incident occurs.

In short, the current Kubernetes security landscape is nothing short of a mess.

Going forward we plan to release updates to kube-bench to add support for new releases of the CIS Benchmark. Note that these are not released as frequently as Kubernetes releases. Kindly read Contributing before contributing.