{"id":66438,"date":"2022-03-10T18:58:15","date_gmt":"2022-03-10T15:58:15","guid":{"rendered":"https:\/\/www.altoros.com\/blog\/?p=66438"},"modified":"2022-04-29T16:10:48","modified_gmt":"2022-04-29T13:10:48","slug":"misconfigurations-make-up-59-of-kubernetes-security-incidents","status":"publish","type":"post","link":"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/","title":{"rendered":"Misconfigurations Make Up 59% of Kubernetes Security Incidents"},"content":{"rendered":"<h3><span class=\"ez-toc-section\" id=\"The_state_of_Kubernetes_security\"><\/span>The state of Kubernetes security<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Containerization has significantly changed the software life cycle as containers provide portability, agility, scalability, and the ability to use a microservices architecture. However, containers, being distributed, make it harder to identify security risks, such as vulnerabilities and misconfigurations. 
Organizations will typically deploy an increasing number of containers over time, so keeping track of and managing all of them is another challenge.<\/p>\n<p>To help organizations manage containers at a large scale, container orchestration solutions like Kubernetes have become a necessity. However, using a platform such as Kubernetes adds a new layer that needs to be secured. Without prior experience or expertise, organizations may be leaving their Kubernetes deployments vulnerable.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-attack-surface.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-attack-surface-1024x576.png\" alt=\"\" width=\"720\" class=\"aligncenter size-large wp-image-66478\" \/><\/a><small>Areas that need to be secured (<a href=\"https:\/\/sysdig.com\/wp-content\/uploads\/2019\/01\/kubernetes-security-guide.pdf\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>Recent reports emphasize security as one of the main concerns for Kubernetes deployments. We look into those reports from a security perspective and cover various Kubernetes best practices to help organizations protect their deployments.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"What_are_the_security_concerns\"><\/span>What are the security concerns?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>According to a <a href=\"https:\/\/www.redhat.com\/en\/engage\/state-kubernetes-security-s-202106210910\" rel=\"noopener noreferrer\" target=\"_blank\">report<\/a> by Red Hat about the state of Kubernetes security, 94% of respondents experienced a security incident in the last 12 months. 
The report compiled survey results from over 500 DevOps, engineering, and security professionals, providing insight on where security can be improved when using containers and Kubernetes.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-incidents.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-incidents-1024x576.png\" alt=\"\" width=\"720\" class=\"aligncenter size-large wp-image-66456\" \/><\/a><small>Leading causes of security incidents (<a href=\"https:\/\/www.redhat.com\/en\/engage\/state-kubernetes-security-s-202106210910\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>While many organizations use Kubernetes to facilitate the deployment and management of containers, configuring the container orchestration system, especially at scale, can get complicated. This is evidenced by nearly half of respondents being concerned over exposures due to misconfigurations in their Kubernetes environments. 
Common configuration mistakes include:<\/p>\n<ul>\n<li>accidentally exposing internal services<\/li>\n<li>running containers with too many privileges<\/li>\n<li>errors when defining a pod\u2019s security context or when implementing role-based access control<\/li>\n<\/ul>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/02\/Kubernetes-cloud-native-containers-adoption-2021-redhat-report-security-concerns.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/02\/Kubernetes-cloud-native-containers-adoption-2021-redhat-report-security-concerns-1024x576.png\" alt=\"\" width=\"720\" class=\"aligncenter size-large wp-image-66344\" \/><\/a><small>Nearly half are concerned over misconfigurations (<a href=\"https:\/\/www.redhat.com\/en\/engage\/state-kubernetes-security-s-202106210910\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>With most organizations being worried about misconfigurations, it is no surprise that they are also concerned about the runtime life cycle phase of containers. Typically, security issues at runtime are caused by misconfigurations during the build or deploy phases. 
Additionally, flaws in security are likely to be exposed and felt once an application is up and running in production.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-life-cycle.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-life-cycle-1024x576.png\" alt=\"\" width=\"720\" class=\"aligncenter size-large wp-image-66476\" \/><\/a><small>Most vulnerabilities are felt at runtime (<a href=\"https:\/\/www.redhat.com\/en\/engage\/state-kubernetes-security-s-202106210910\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>With nearly half of respondents running containers in hybrid environments, organizations need security that runs consistently regardless of where workloads are deployed.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-where-are-containers-running.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-where-are-containers-running-1024x576.png\" alt=\"\" width=\"720\" class=\"aligncenter size-large wp-image-66496\" \/><\/a><small>Container deployment strategies (<a href=\"https:\/\/www.redhat.com\/en\/engage\/state-kubernetes-security-s-202106210910\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>The report also highlighted problems regarding the container adoption strategies implemented by companies. 
Over a quarter of respondents are worried that their organization&#8217;s container adoption strategy does not invest enough in security.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-organization-concerns.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-organization-concerns-1024x576.png\" alt=\"\" width=\"720\" class=\"aligncenter size-large wp-image-66439\" \/><\/a><small>Container strategy concerns (<a href=\"https:\/\/www.redhat.com\/en\/engage\/state-kubernetes-security-s-202106210910\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>On a positive note, plenty of organizations are moving on the right track and are advancing their container and Kubernetes security strategies. More than half of respondents have either a basic or intermediate plan in place, and 11% already have an advanced plan for security. This means that more and more companies are coming up with mature security strategies, which also help push Kubernetes adoption. 
(In a recent <a href=\"https:\/\/www.altoros.com\/blog\/machine-learning-constitutes-65-percent-of-kubernetes-workloads\/\">blog post<\/a>, we covered how Kubernetes adoption grew by 67% in 2021.)<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-organization-strategy.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-organization-strategy-1024x576.png\" alt=\"\" width=\"720\" class=\"aligncenter size-large wp-image-66440\" \/><\/a><small>Breakdown of container security strategies (<a href=\"https:\/\/www.redhat.com\/en\/engage\/state-kubernetes-security-s-202106210910\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Security_requires_a_collective_effort\"><\/span>Security requires a collective effort<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>As more organizations adopt the practice of <a href=\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/\">shifting left<\/a>, where security is factored in at the earliest stages in the development life cycle, 15% of the report respondents consider developers to be responsible for security. 27% of respondents say that the burden of security should lie with DevOps.<\/p>\n<p>Besides developers and DevOps, there is a near even distribution among other roles. 
This indicates that there is no one-size-fits-all strategy when it comes to Kubernetes security, and organizations should have tools that can facilitate collaboration between different teams.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-role-responsibility.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-role-responsibility-1024x576.png\" alt=\"\" width=\"720\" class=\"aligncenter size-large wp-image-66441\" \/><\/a><small>Roles responsible for Kubernetes security (<a href=\"https:\/\/www.redhat.com\/en\/engage\/state-kubernetes-security-s-202106210910\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<br \/>\n<\/small><\/center><\/p>\n<p>Building on the idea of shifting left, more companies are building development, security, and operations (DevSecOps) teams. DevSecOps involves automating the integration of security at every step of the software development life cycle.<\/p>\n<p>In the report, only 26% are still keeping DevOps and security roles separate, and nearly half of respondents indicate having some kind of DevSecOps initiative. 
This is a good indicator that most organizations are prioritizing security early in the development life cycle.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-devsecops.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-devsecops-1024x576.png\" alt=\"\" width=\"720\" class=\"aligncenter size-large wp-image-66442\" \/><\/a><small>A quarter of organizations are integrating and automating security (<a href=\"https:\/\/www.redhat.com\/en\/engage\/state-kubernetes-security-s-202106210910\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kubernetes_security_best_practices\"><\/span>Kubernetes security best practices<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>As previously mentioned, Kubernetes helps organizations to manage and deploy multiple containers. However, configuring and securing Kubernetes deployments at scale can get complicated.<\/p>\n<p>To help companies secure their deployments, there are several security guidelines provided in the <a href=\"https:\/\/kubernetes.io\/docs\/tasks\/administer-cluster\/securing-a-cluster\/\" rel=\"noopener noreferrer\" target=\"_blank\">official documentation<\/a> for Kubernetes. (In one of our previous <a href=\"https:\/\/www.altoros.com\/blog\/ensuring-security-across-kubernetes-deployments\/\">blog posts<\/a>, we shared a checklist for keeping deployments secure.) Additionally, the United States\u2019 National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a <a href=\"https:\/\/media.defense.gov\/2021\/Aug\/03\/2002820425\/-1\/-1\/1\/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF\" rel=\"noopener noreferrer\" target=\"_blank\">report<\/a> detailing how to protect Kubernetes clusters. 
All of these security best practices are applicable regardless of the Kubernetes distribution.<\/p>\n<p><b>Scan containers and pods for vulnerabilities and misconfigurations.<\/b> Performing <a href=\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/#:~:text=Securing%20the%20build%20pipeline\">image scanning<\/a> is an ideal method to prevent running software from becoming vulnerable. One way to implement image scanning is by using an admission controller, a Kubernetes-native feature that can intercept and process requests to the Kubernetes API prior to persistence of the object, but after the request is authenticated and authorized. Before an image is deployed to a cluster, a custom webhook can be implemented. The admission controller can then block the image from being deployed if it does not meet security policies that are defined in the webhook configuration.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-National-Security-Agency-image-scanning.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-National-Security-Agency-image-scanning-1024x576.png\" alt=\"\" width=\"720\" class=\"aligncenter size-large wp-image-66443\" \/><\/a><small>Container build workflow with image scanning (<a href=\"https:\/\/media.defense.gov\/2021\/Aug\/03\/2002820425\/-1\/-1\/1\/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p><b>Follow the principle of least privilege.<\/b> Run containers and pods with the least privilege possible. This will reduce the impact of any potential attacks. Implementing the principle of least privilege can be done in multiple ways. One method is to build container images to run as a non-root user. 
Another option is to <a href=\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/#:~:text=Restrict%20privilege%20escalation\">configure RBAC policies<\/a> to specify allowed actions for users, groups, and service accounts in a namespace.<\/p>\n<p><b>Isolate networks.<\/b> Use network separation tools, such as host and network firewalls and Kubernetes network policies, to control the amount of damage a breach can cause. <a href=\"https:\/\/research.nccgroup.com\/2021\/09\/09\/nsa-cisa-kubernetes-security-guidance-a-critical-review\/#:~:text=permissions%20at%20all.-,Isolate%20Networks,-Suggesting%20enforcing%20isolation\" rel=\"noopener noreferrer\" target=\"_blank\">Isolate namespaces<\/a> by setting a default network policy that denies all ingress and egress, and only permits connections that are explicitly required.<\/p>\n<p><b>Enable logging.<\/b> Use <a href=\"https:\/\/media.defense.gov\/2021\/Aug\/03\/2002820425\/-1\/-1\/1\/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF#page=29\" rel=\"noopener noreferrer\" target=\"_blank\">log auditing<\/a> so administrators can monitor activity and receive alerts. 
A service mesh, such as <a href=\"https:\/\/www.altoros.com\/blog\/using-istio-to-unify-microservices-with-a-service-mesh-on-kubernetes\/\">Istio<\/a>, can be implemented to help collect logs from each service, helping developers diagnose problems in microservices.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-National-Security-Agency-logging-service-mesh.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-National-Security-Agency-logging-service-mesh-1024x576.png\" alt=\"\" width=\"720\" class=\"aligncenter size-large wp-image-66444\" \/><\/a><small>Service mesh integrates logging with network security (<a href=\"https:\/\/media.defense.gov\/2021\/Aug\/03\/2002820425\/-1\/-1\/1\/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p><b>Bridge the gap between DevOps and security.<\/b> Most organizations have either their DevOps or security teams running security platforms. To reduce friction, introduce <a href=\"https:\/\/www.redhat.com\/rhdc\/managed-files\/cl-state-kubernetes-security-report-ebook-f29117-202106-en_0.pdf#page=16\" rel=\"noopener noreferrer\" target=\"_blank\">security tooling<\/a> that can facilitate quick interaction between both teams.<\/p>\n<p><b>Run benchmark security tests.<\/b> Even when following security best practices, it is possible to overlook a few factors. 
To be certain, <a href=\"https:\/\/sysdig.com\/wp-content\/uploads\/2019\/01\/kubernetes-security-guide.pdf#page=31\" rel=\"noopener noreferrer\" target=\"_blank\">use benchmarks<\/a>, such as those published by the Center for Internet Security (CIS), to test cluster security.<\/p>\n<p><b>Periodic configuration review.<\/b> <a href=\"https:\/\/research.nccgroup.com\/2021\/09\/09\/nsa-cisa-kubernetes-security-guidance-a-critical-review\/#:~:text=Regular%20Configuration%20Review\" rel=\"noopener noreferrer\" target=\"_blank\">Regularly check<\/a> all Kubernetes settings and use vulnerability scans to help identify risks and to ensure that security patches are applied.<\/p>\n<p>Typically, Kubernetes deployments are functional out-of-the-box, but are not necessarily secure. Following the recommendations above can help organizations, especially those running multiple clusters, create a standardized deployment process that is both secure and consistent.<\/p>\n<p>Want to learn more about the current state of Kubernetes adoption? 
Read our recent <a href=\"https:\/\/www.altoros.com\/blog\/machine-learning-constitutes-65-percent-of-kubernetes-workloads\/\">article<\/a> that examines how containerization has grown by 2022, covering recommendations for facilitating the cloud-native journey.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Further_reading\"><\/span>Further reading<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/machine-learning-constitutes-65-percent-of-kubernetes-workloads\/\">Machine Learning Constitutes 65% of Kubernetes Workloads<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/ensuring-security-across-kubernetes-deployments\/\">Ensuring Security Across Kubernetes Deployments<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/\">Tips for Implementing Shift-Left Security on Kubernetes<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<hr \/>\n<p><center><small>This blog post was written by <a href=\"https:\/\/www.altoros.com\/blog\/author\/carlo\/\">Carlo Gutierrez<\/a> and edited by <a href=\"https:\/\/www.altoros.com\/blog\/author\/sophie.turol\/\">Sophia Turol<\/a>.<\/small><\/center><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The state of Kubernetes security<\/p>\n<p>Containerization has significantly changed the software life cycle as containers provide portability, agility, scalability, and the ability to use a microservices architecture. However, containers, being distributed, make it harder to identify security risks, such as vulnerabilities and misconfigurations. 
Organizations will typically deploy an increasing amount of [&#8230;]<\/p>\n","protected":false},"author":32,"featured_media":66508,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[7],"tags":[873,117,912],"class_list":["post-66438","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-opinion","tag-cloud-native","tag-iot","tag-kubernetes"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Misconfigurations Make Up 59% of Kubernetes Security Incidents | Altoros<\/title>\n<meta name=\"description\" content=\"More organizations are coming up with mature security strategies, including implementing the shift left approach and starting DevSecOps initiatives.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Misconfigurations Make Up 59% of Kubernetes Security Incidents | Altoros\" \/>\n<meta property=\"og:description\" content=\"The state of Kubernetes security Containerization has significantly changed the software life cycle as containers provide portability, agility, scalability, and the ability to use a microservices architecture. However, containers, being distributed, make it harder to identify security risks, such as vulnerabilities and misconfigurations. 
Organizations will typically deploy an increasing amount of [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/\" \/>\n<meta property=\"og:site_name\" content=\"Altoros\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-10T15:58:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-29T13:10:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-concerns-best-practices-and-recommendations.gif\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"576\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/gif\" \/>\n<meta name=\"author\" content=\"Carlo Gutierrez\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Carlo Gutierrez\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/\",\"url\":\"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/\",\"name\":\"Misconfigurations Make Up 59% of Kubernetes Security Incidents | Altoros\",\"isPartOf\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-concerns-best-practices-and-recommendations.gif\",\"datePublished\":\"2022-03-10T15:58:15+00:00\",\"dateModified\":\"2022-04-29T13:10:48+00:00\",\"author\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/833e109f77de753b2b472dca0236b442\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/#primaryimage\",\"url\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-concerns-best-practices-and-recommendations.gif\",\"contentUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/
03\/Kubernetes-cloud-native-containers-security-concerns-best-practices-and-recommendations.gif\",\"width\":1024,\"height\":576},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.altoros.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Misconfigurations Make Up 59% of Kubernetes Security Incidents\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\",\"url\":\"https:\/\/www.altoros.com\/blog\/\",\"name\":\"Altoros\",\"description\":\"Insight\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.altoros.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/833e109f77de753b2b472dca0236b442\",\"name\":\"Carlo Gutierrez\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/02\/CG_portrait-2-96x96.jpg\",\"contentUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/02\/CG_portrait-2-96x96.jpg\",\"caption\":\"Carlo Gutierrez\"},\"description\":\"Carlo Gutierrez is a Technical Writer at Altoros. As part of the editorial team, his focus has been on emerging technologies such as Cloud Foundry, Kubernetes, blockchain, and the Internet of Things. Prior to Altoros, he primarily wrote about enterprise and consumer technology. Carlo has over 12 years of experience in the publishing industry. 
Previously, he served as an Editor for PC World Philippines and Questex Asia, as well as a Designer for Tropa Entertainment.\",\"url\":\"https:\/\/www.altoros.com\/blog\/author\/carlo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Misconfigurations Make Up 59% of Kubernetes Security Incidents | Altoros","description":"More organizations are coming up with mature security strategies, including implementing the shift left approach and starting DevSecOps initiatives.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/","og_locale":"en_US","og_type":"article","og_title":"Misconfigurations Make Up 59% of Kubernetes Security Incidents | Altoros","og_description":"The state of Kubernetes security Containerization has significantly changed the software life cycle as containers provide portability, agility, scalability, and the ability to use a microservices architecture. However, containers, being distributed, make it harder to identify security risks, such as vulnerabilities and misconfigurations. Organizations will typically deploy an increasing amount of [...]","og_url":"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/","og_site_name":"Altoros","article_published_time":"2022-03-10T15:58:15+00:00","article_modified_time":"2022-04-29T13:10:48+00:00","og_image":[{"width":1024,"height":576,"url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-concerns-best-practices-and-recommendations.gif","type":"image\/gif"}],"author":"Carlo Gutierrez","twitter_misc":{"Written by":"Carlo Gutierrez","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/","url":"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/","name":"Misconfigurations Make Up 59% of Kubernetes Security Incidents | Altoros","isPartOf":{"@id":"https:\/\/www.altoros.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/#primaryimage"},"image":{"@id":"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/#primaryimage"},"thumbnailUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-concerns-best-practices-and-recommendations.gif","datePublished":"2022-03-10T15:58:15+00:00","dateModified":"2022-04-29T13:10:48+00:00","author":{"@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/833e109f77de753b2b472dca0236b442"},"breadcrumb":{"@id":"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/misconfigurations-make-up-59-of-kubernetes-security-incidents\/#primaryimage","url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-concerns-best-practices-and-recommendations.gif","contentUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2022\/03\/Kubernetes-cloud-native-containers-security-concerns-best-practices-and-recommendations.gif","width":1024,"height":576},{"@type":"BreadcrumbList","@id":"https:\/\/www.altoros.com\/blog\/misconfiguration
s-make-up-59-of-kubernetes-security-incidents\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.altoros.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Misconfigurations Make Up 59% of Kubernetes Security Incidents"}]},{"@type":"WebSite","@id":"https:\/\/www.altoros.com\/blog\/#website","url":"https:\/\/www.altoros.com\/blog\/","name":"Altoros","description":"Insight","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.altoros.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/833e109f77de753b2b472dca0236b442","name":"Carlo Gutierrez","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/02\/CG_portrait-2-96x96.jpg","contentUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/02\/CG_portrait-2-96x96.jpg","caption":"Carlo Gutierrez"},"description":"Carlo Gutierrez is a Technical Writer at Altoros. As part of the editorial team, his focus has been on emerging technologies such as Cloud Foundry, Kubernetes, blockchain, and the Internet of Things. Prior to Altoros, he primarily wrote about enterprise and consumer technology. Carlo has over 12 years of experience in the publishing industry. 
Previously, he served as an Editor for PC World Philippines and Questex Asia, as well as a Designer for Tropa Entertainment.","url":"https:\/\/www.altoros.com\/blog\/author\/carlo\/"}]}}}