Open source information / Kubernetes /
text

Red Hat Kubernetes report: security has become the biggest challenge, and the crux of the problem lies in people

Source: OSCHINA
Edit: Boiled water without sugar
2022-05-20 08:22:47
two
[Live Broadcast Preview] Can SQL audit all database problems?

Red Hat release The latest "Kubernetes Security in 2022" report investigates the security challenges organizations face in cloud native development, and how they respond to these challenges to protect their applications and IT environment. Based on a survey of more than 300 DevOps, engineering and security professionals, the report focuses on how the company balances the security of these environments while adopting containers and Kubernetes.

The report points out that, similar to previous years, safety is still one of the biggest problems in container adoption. The integration of new technologies with traditional IT environments may bring unexpected security challenges. As the security requirements of containers span all aspects of the application life cycle, from development to deployment and maintenance, containers are particularly complex. The report found that the most common concern of 31% of respondents about container strategies was the threat to container security and insufficient investment in container security.

93% of the respondents have experienced at least one security incident in their Kubernetes environment in the past 12 months, which sometimes led to the loss of income or customers. Over the past year, more than half of the respondents (55%) had to postpone the launch of their applications due to security issues. In this regard, The report blames Kubernetes for its focus on productivity rather than security. "Although Kubernetes and containers are powerful, they are designed for the productivity of developers, not necessarily for security. For example, the default pod to pod network setting allows open communication to quickly start and run a cluster, but it sacrifices security reinforcement."

According to the report, human error is still one of the reasons for data leakage; It refers to World Economic Forum A research report It is proved that "human error is the main contributing factor of 95% of data leakage events". Data shows that in the past 12 months, nearly 53% of respondents have experienced misconfiguration events in their environment. 38% found a major vulnerability, and 30% said they had encountered a run-time security incident; Another 22% said they failed the audit.

Compared with the network attack widely concerned by the media, IT personnel are most worried about the risk caused by misconfiguration. "Kubernetes is highly customizable, with various configuration options that can affect the security status of the application. Therefore, respondents are most worried about the risk (46%) caused by the misconfiguration in the container and Kubernetes environment - almost three times more worried about attacks (16%).". Automating configuration management as much as possible will help alleviate these problems.

On the other hand, DevSecOps has gradually become the standard of some organizations. The vast majority of respondents (78%) said that they had DevSecOps plans at the primary or advanced stages. In terms of DevSecOps, 27% of respondents believe that they are the most forward-looking organization. They adopt the advanced DevSecOps plan to integrate and automate security throughout the application life cycle.

The cooperation among development, operation and maintenance and security teams is also valued. The report points out that due to today's rapid release cycle, security has to be moved to the left and embedded in DevOps workflow, rather than considered when the application is about to be deployed to production; Most respondents agreed with this view. In addition to many people who are implementing DevSecOps, only 22% of respondents said they continue to operate DevOps separately from security; And only 16% of respondents confirmed that they would be responsible for Kubernetes' security by the central IT security team.

Red Hat concluded that despite the potential security problems, the advantages of using containers and Kubernetes still outweigh the disadvantages. The key is to find a container and Kubernetes security platform, and take DevOps best practices and internal control as part of its configuration check. It should also assess the security of Kubernetes' own configuration so that developers can focus on function delivery.

Full Report Address

Expand to read the full text

Related Links

The news on this website is prohibited to be reproduced without authorization. Violators will be investigated for relevant legal responsibilities according to law. For authorization, please contact: oscbianji#oschina.cn

Title: Red Hat Kubernetes report: security has become the biggest challenge, and the crux of the problem lies in people

Address: https://www.oschina.net/news/196582/state-kubernetes-security-2022

Click to join the discussion 🔥 (2) Post and join the discussion 🔥
This wonderful review

Hot content

More highlights
Gpress v1.0.4 has been released, and Web3 content platform
Kaiyuan Daily | Qt for OpenHarmony; Intel plays a major role in China's open source ecosystem; The scale of domestic industrial software market is about 241.4 billion yuan; Huawei Pure Blood Hongmeng and Kaiyuan Hongmeng Equipment Interconnection
The scale of domestic industrial software market in 2023 will be about 241.4 billion yuan
OpenAI will take additional measures to stop the use of APIs in non supported countries
JetBrains AI Assistant will integrate Gemini model
Data visualization engine G2 v5.1.23 release
Qt cooperates with Huawei to develop the OpenHarmony version
The White Paper of Shanghai Health "Information Technology Application Innovation" will be published in C #/ NET identified as "A component"
Vxe table 4.7.33 has been released. The vue table solution
Emacs 29.4 Release
OpenKylin Xi'an user group was established, and user groups in many places are continuously being recruited!
New method of JavaScript Set
Byte bounce response cooperates with Broadcom to develop AI chip: false message
Redison 3.32.0 released, the official recommended Redis client
Simple Admin Go distributed background management system v1.4.8 release
Support NASDAM database, JumpServer bastion machine v3.10.11 LTS version released
XL LightHouse 2.2.4 release, easy to realize real-time big data statistics
How can algorithmic experts solve the super difficult application of functional large model?
How Kubestronaut was refined - Yongkang He's Cloud Primitive Road
Open Source Daily | New Xcode 16 features require at least 16GB of memory; We are still the largest importer of chips; The rise of Hongmeng; Astronomers hate Musk
Write an IM (01) like WeChat from zero with t-io: big background
Large e-commerce website Occidental Taobao was launched, based on betl technology
Read optimization of beetl 2 method
The ppt version introduced by beetl
A browser plug-in for website reminders of Putian hospitals
New technology goals in 2017
nutz, Come tonight (1): Consequences of repeatedly creating ioc containers
nutz, Send it tonight (2): How can I get all the paths of 00/00/00/00 when uploading files? Can I change them
Beta eclipse plugin prototype
From enterprise application technology team to Internet technology team
Beitl Open Source 2
nutz, Come here tonight (8): How to write+1 update sql with Chain
nutz, Come here tonight (16): the class has marked @ IocBean and @ Inject, and the new object has no injection?
nutz, Come here tonight (7): What is the relationship between dao. js and IocBean?
Jodd-madvoc Integration with beetl
Lomox_2013_04_05_Release released, adding resource management API
Write an IM like WeChat from zero with t-io (03): network framework selection
nutz, Come here tonight (6): What is the relationship between @ IocBy and @ Modules?
Write an IM (04) like WeChat from zero with t-io: IM protocol design
A beautiful extension function provided by the developer to print out the betl template variables
Deep complaining hibernate
How to use beetl in maven+jetty environment
It's not scientific
My story
BeetlSQL, Simple and powerful database access tools (updated)
The performance test effect of beetl2 is good
Good and professional beetl code
nutz, Come tonight (18): Does Nutz have a tool or method for generating beans from database tables?
The beetl session is not created
Complete Solution to Struts2 Vulnerability
6 innovation points of template engine Beet
The number of newly added users of Beetl in China is less than a fraction of Freemaker
Beetl donation account
nutz, Coming tonight (12): tree structure (parent type or client type), how to configure
LomoX json for QT source code release
The idea of rewriting syntax parsing
Interesting place of beetl template engine
Which one is better in Daotool page turning technology?
A couplet for all small start-ups
What happened in the open source process of Beetl
nutz, Tonight, let's send (17): How do nutz and quartz play?
nutz, Let's post tonight (14): What parameter can the entry method declare to obtain all form parameters?
The website of Aiche Baba adopts beetl
Just want to say
nutz, Come tonight (15): Does nutz support simultaneous rollback of multiple data sources? What are the limitations?
How to use beetl in maven
Some misunderstandings about betl
Analysis of "Best Template Engine" Beetl Analysis and Comparison with Tiny Template Engine "
Beetl2.0 will be released soon
Expand beetl to enable HTML tags to support parent-child nesting
BEETL Performance Secrets 2: How languages access variables
Why JSP is slower than Beetl
beetl The number of downloads in China seems to be almost the same as that of Freemaker
A design method using message framework segmentation and extension
nutz, Come here tonight (5): How to download files?
Still using AJAX+Json, switch to AJAX+Beetl
nutz, Coming tonight (11): first in 2015, how to limit the entry method to POST
Location:Action, New ideas for JSON serialization
Use json in beetl
History repeats and repeats
Context performance improvement of beetl 2
BEetlSQL implements ORMapping query
The first draft of the grammar file of beetl 2
Lomox new version 2014-04-26
nutz, Tonight, let's send (4): Nutz's project uses MySQL, and the next morning reported a connection error. What's the reason?
Is a 30% salary increase on the Internet worthwhile?
Beetl2.0.2 byte output performance improvement
Seven weapons for thick black architects to survive
The development of Beetl is completed, and the performance test is good, as shown in the figure
Beanstalkd windows support
Combination of beetl and shrimp
nutz, Send it tonight (13): What about the verification code?
It's very difficult for individuals to engage in open source
Beetl Performance Secrets 1: How to Output an Integer Variable
LomoX Browser - Chromium&IE dual core browser
Beetl Spring extension
Write an IM (02) like WeChat from scratch with t-io: team building
Beetl example used in my own project
First draft of beetl 2 grammar
LomoxFramework Party Handout Shenzhen First Party

Popular comments of the whole site

Monkeys think of apes
Monkeys think of apes 2024-05-31 18:31
You can cheat your brother. Just don't cheat yourself
Francesca
Francesca 2024-05-19 18:00
Wine runs the Android emulator of Windows. Chrome OS is installed in the Android emulator. Linux environment is installed in chrome OS. Linux environment is installed in the Linux environment. Wine is installed in the Android emulator
Bright
Bright 2024-05-19 23:25
What a fool! I killed myself. How can people deal with me later.
Ice God
Ice God 2024-06-25 17:42
How do you feel? I also want to buy
Intermarch
Intermarch 2024-05-30 13:42
800 million yuan was used for the database industry base of Damon China, and 603 million yuan was used for the construction project of Damon Research Institute. It raised 2.351 billion yuan and 1.403 billion yuan for infrastructure construction. six hundred and sixty-six
G
GDWhisperer 2024-05-15 17:23
I transferred tens of thousands of yuan to my own account, which was under risk control. How did I do this? The bank should be responsible for this 😂
u
uncle_haiyang 2024-06-25 17:31
Still like claude3, which is too slow to bear
O
Chief appraiser of OSC waste project 2024-06-25 19:59
Hey? What about your ending ":)"? What about your personality? Just a few words, you think it's too much. A little unbearable? Worried? How many people are disgusted when you put these titles on the Internet every day? Have you considered others' feelings? A lot of scolding, right? We can make products just as we make them. It is not shameful to use domestic products. People can do things like Jfinal really well and reliably. The same thing as your toy is hyped every day. It's really embarrassing to use your toy. Since you want to generate traffic in this way, you can't stand criticism? Sarcasm? Delete the warehouse, this thing, no! People! Use!
Plum wine is delicious
Plum wine is delicious 2024-06-25 20:20
If you haven't used it, you will feel that it is not good and insult him..... This doesn't make sense. Everyone has been to school, so we should be reasonable
Qin Liming
Qin Liming 2024-05-11 09:12
be devoid of any sense of shame
OSC_YCyote
OSC_YCyote 2024-06-25 16:11
Very good, very good development language, I like it. Set up an environment to create a hello word
Post List
Post List 2024-06-25 17:31
Finally catch up with Microsoft
c
crystalsis 2024-06-18 15:06
The comment area is very interesting. What's the difference between writing kernel panic in white on a black background and writing it in white on a blue background? It's also "epic retrogression"
waylau
waylau 2024-06-25 18:00
I regret that there is taiwan but no china
Si
Stephen 421 2024-06-12 10:37
If I write a script that allows AI to generate images according to various keywords 24 hours a day, I can sit at home and wait to collect money
ACANX
ACANX 2024-06-25 21:09
Ask the same question
Happy LeapFrog
Happy LeapFrog 2024-05-18 09:18
But the question is: "What's the use of this for ordinary Android users?" Now the answer seems to be: "Almost nothing.".
Plum wine is delicious
Plum wine is delicious 2024-06-25 20:21
In addition... We are indeed "domestic", the purest domestic product in China... This is true
game
game 2024-06-25 18:52
Brothers, it's time for welfare again. Baidu Smart Cloud Qianfan launched the big model inclusive plan, switching to the big model platform with the first domestic deployment at zero cost. From now on, we will provide new registered enterprise users with: - 0 yuan to call: Wenxin flagship model is free for the first time, and ERNIE3.5 flagship model 50 million Tokens package will be presented. The main model ERNIE Speed/ERNIE Lite and lightweight model ERNIE Tiny will continue to be free. Additional gift of ERNIE3.5 flagship model token package equivalent to the scale of OpenAI use for OpenAI migration users - 0 yuan training: free model fine tuning training service - 0 yuan migration: zero cost SDK migration tool - 0 yuan service: expert service (migration&use guidance) immediately experience Baidu Intelligent Cloud Qianfan big model platform: https://qianfan.cloud.baidu.com/
g
gamedot 2024-05-17 11:14
Old Zhou is deeply concerned about Huawei's great cause of open source. He is not a Huawei person, but has Huawei's soul.
xiaoqibabby
xiaoqibabby 2024-05-15 17:36
The bank is strongly required to be responsible for
u
uncle_haiyang 2024-06-25 17:37
See the sewing monster later
Su Baiyang
Su Baiyang 2024-06-25 17:00
Is the let and var in Swift syntax
z
zhuzhua 2024-05-21 10:08
I'm laughing to death. Those who have been deeply kidnapped dare not pay? Who will use the domestic open source framework of small companies in the future will be 213!!! Wait for harvesting later
One code Yma
One code Yma 2024-05-09 09:58
Recently, I often go to interviews. People who hate Ali background most regard me as a fool, even though I am a fool
Plum wine is delicious
Plum wine is delicious 2024-06-25 20:16
I have to explain to you... The early chat software did not have icons, but all used symbols such as ":)" ": - p"... It means friendly. Don't misunderstand
sunday12345
sunday12345 2024-05-15 18:31
What does the bank do? It's blamed on the remote desktop. Persimmons really pick up soft pinches~?
Plum wine is delicious
Plum wine is delicious 2024-06-25 19:18
It looks like "abuse", "slander"?!
Plum wine is delicious
Plum wine is delicious 2024-06-25 20:29
You can use it first... If it's not good, come and scold again "with reasons"! It's unreasonable now
kangaroo
kangaroo 2024-06-22 19:13
The document is an excellent case of language integration practice from the perspective of specifications, but the designer still seems to be a bit pretentious and has made some "innovations", such as func/foreign/->/prop/mut/Run/<:/, Except for the assignment operator, any compound operator is unacceptable and should be avoided as far as possible; In some aspects, the consistency is not rigorous. For example, when functions are used as parameters and return types, they are inconsistent with the standard definitions, and for example, the definitions of anonymous functions (Lambda) are inconsistent, which increases the difficulty of code reading and understanding; It is a bad idea to use the C language address symbol (&) as a spacer for interface inheritance, because it is inconvenient to enter this symbol on the keyboard and requires double keys to enter it; Nothing/Option/Any seems to be taken from TypeScript, which is a kind of null like detection mechanism after all. How about combining one? The syntax style of type followed and separated by colon (:) belongs to Pascal/Go style. This style is more convenient to implement lexical analyzer and generate syntax tree, which is conducive to subsequent processing; I hope that a new language will emerge. It should be based on the style of C language, boldly absorb the excellent practice of the new generation language (grammar sugar), keep the language specification as simple and consistent as possible, but keep the semantics and extensibility open; Cangjie language has made great exploration and practice for the development of new languages, and the expectations after implementation are also very good, making a good start; With the power of example, I believe that the Chinese community is more likely to produce such a language;
Chief taxi captain
Chief taxi captain 2024-05-17 11:17
I suggest that 360 open source all its products, and then become the leading enterprise in the domestic open source industry through open source, leading everyone to compete with foreign enterprises
xyz990
xyz990 2024-05-20 16:14
When foreigners and the FBI poisoned open source projects, why didn't you come forward? With such high quality, the United States should be very popular with other countries, right?
Dreaming day and thinking night
Dreaming day and thinking night 2024-06-25 17:27
Can anyone tell me where to download the installation package?
O
Chief appraiser of OSC waste project 2024-06-25 20:16
I don't think it's hard to use. To be exact, I'm too lazy to use it. Because of your promotion method, many people (including me) feel super disgusted and disgusting. It is impossible for me to understand the products through this disgusting marketing method. Don't play any domestic brand
Sprayer
Sprayer 2024-06-25 16:18
You're looking for v lang
Plum wine is delicious
Plum wine is delicious 2024-06-25 19:12
Is your words a bit excessive?
Ma Nong Little Fatty Brother
Ma Nong Little Fatty Brother 2024-05-16 14:40
I give you six seconds. I give you six moves with the same effect in the martial arts contest, which shows the invincibility and confidence of the master
Little stars in space
Little stars in space 2024-06-25 20:10
Support
Piglet basking in the sun
Piglet basking in the sun 2024-06-25 20:24
Stolman.
Li Yinghui
Li Yinghui 2024-05-09 16:40
Buddhism has a good word, evil opinion. In dealing with the world, it is meaningless to draw conclusions from preset positions; It is also important to receive good logic training.
osc_566335
osc_566335 2024-05-30 14:12
Sure enough, there are a lot of low-end farmers. In the era of localization, they haven't even played with the domestic ecosystem. Although things are not so good, you should spray on the idea. Don't show your ignorance and make people laugh.
Plum wine is delicious
Plum wine is delicious 2024-06-25 20:14
It's strange... Why do you think solon is bad??? It is original (even java ee is useless), has good performance and is made in China... If you feel bad, you can give more suggestions!
Yeah, for
Yeah, for 2024-05-17 13:42
That's too right. Old Zhou can't control Google, but he can control 360. Do not do to others what you do not want. You should open source all 360 products first.
t
troika 2024-06-25 17:24
So I use offline applications. In addition to downloading software and other software that must be networked, other software must be able to run offline. After unplugging the network cable, open each software for inspection, and delete all software that cannot run.
OSC_lDzjvE
OSC_lDzjvE 2024-06-25 20:45
Those who scold the author, please ask the advanced group to know what the author does every day. Ask yourself how many idiotic framework questions your group will answer every day when they meet. Do you do it yourself? In addition, when encountering difficulties and miscellaneous problems in the use of frameworks, the author also takes the initiative to ask you to find problems with the project code and help you solve them free of charge. In the early years of a project, there was no persistent high intensity maintenance and update of any reputation. I admire the author very much, and for the sake of ecology, the author took the initiative to contact the famous ecological components to adapt. In addition, for the frequent updating of "exaggerated words" advertising, in front of the Spring Mountain, it is not frequently publicized how there are nouns, so that developers can remember this excellent domestic framework. I believe that in the near future, Xinchuang will have a place in solon
Small and beautiful software development
Small and beautiful software development 2024-06-25 20:11
Whoa, whoa
Single structure
Single structure 2024-05-11 10:09
Selected as Open Source China's disgrace pillar
canonical-entropy
canonical-entropy 2024-06-25 20:21
The design of SpringBoot is very bloated from today's point of view. In some places, it can be said that there are no problems but also problems. To compete with solon, you can use Quarkus+the next generation low code platform, Nop, but solon+Nop is smaller and faster.
z
zhy 2024-05-16 13:16
At the end of Shannon is Nong
O
Chief appraiser of OSC waste project 2024-06-25 18:58
@Sweet potato seeks a "shielding" function. It really needs to shield some shi like software and authors. This software is the same as the sqltoy, which is nothing but whining. The author also went to Zhihu to create topics for himself and brush comments. If you are clever, you have become popular for so many years. Every day, some of them are not available, but nobody uses them. Don't touch porcelain. Are you in the middle of marketing?? Every message should be answered with a ":)" symbol. Is it very personalized? It is childish to see, how can this framework be better? shi、 It's really Shi. I feel sick when I see it.
Youyouzi with Tomatoes
Youyouzi with Tomatoes 2024-05-30 16:53
There are off the shelf open source products available. Do I need a garbage to keep the bottom?
swingcoder
swingcoder 2024-06-25 19:19
On the one hand, openai can be used without logging in; on the other hand, it has added a lock to some countries
u
uncle_haiyang 2024-06-25 17:41
Qt will get stuck
Yoona520
Yoona520 2024-05-17 16:34
Zhou Hongyi is now living more and more like a clown. If he stays behind the scenes, he has to become an online celebrity. Can you learn from Lei Jun?
infoworld
infoworld 2024-05-11 15:12
Universities should use open source free software instead of commercial ones. In this way, hands and feet will not be tied technically.
xyz990
xyz990 2024-05-20 16:19
At 10:36 on August 28, 2023, an information comment was published on the other side of the ocean: How do you make such remarks? My last account has been blocked. Don't say bad in China. If you don't see it, you can still suggest that we run the apology statement of Digital Guangdong about CEC-IDE 2023/02/07 09:19. On the other side of the ocean, we published an information comment: American companies are strong, but domestic companies are still scrambling to buy vegetables. 35 Retired Google launched an AI product competing with ChatGPT: Bard
Francesca
Francesca 2024-06-15 15:56
Isn't this still six fingers
play
Monkeys playing games 2024-06-25 21:09
This is why the forest is big and has everything, no problems. His name has proved his character.
bhzhu203
bhzhu203 2024-06-18 15:36
This is very useful. After the graphical interface server core, Panic, the graphical interface is stuck and cannot be moved. If there is no valid information, you can output specific error information with a blue screen
kakai
kakai 2024-05-10 10:21
The world only knows that Android was created by Google. Several people know that Android is only a product acquired by Google. Similarly, what is the problem with Huawei's contribution to the collection of OGG open source work and integration into its own proprietary product line?

Hot News

one
Huawei Cangjie Programming Language Officially Appears
two
"Hongmeng PC version" part application UI exposure
three
The first AI college entrance examination full volume evaluation results released
four
🔥 What about SpringBoot? Solon v2.8.4 is really fast!
five
OpenHarmony 5.0 Beta1
six
IntelliJ IDEA 2024.1.4 Release
seven
Yu Chengdong: Pure Blood Hongmeng realizes the self research of the whole stack from the inside out
eight
Deno standard library will release stable version 1.0 soon!
nine
NumPy 2.0.0 release, the first major version since 2006
ten
US imposes sanctions on 12 Kaspersky executives

Excellent column

Expert Q&A
Previous period

How do programmers get started with AI application development?

Talk about Unity and Native Bridging

How to Use Excelize to Process Excel Office Documents Efficiently

A daily blog
more

Analysis of Async annotation underlying asynchronous thread pool principle in Spring

Fault diagnosis of SRE K8s: from high CPU load to root cause disclosure of mount leakage

Automated Quality Assessment of AIGC Map Generation

News delivery
Immediate delivery

Welcome to deliver software and IT industry

Related news.

Recommended attention

Change a batch
centychen
centychen
Article 34
Visit 6.4W
Li Hengzhe
Li Hengzhe
Article 15
Access 3W
ksfzhaohui
ksfzhaohui
Article 196
Access 42W
Tong
Brother Tong reads the source code
Article 239
Visit 8.1W
Dalian palm
Dalian palm
Open source software author

Hot software

Macbuntu -Turn Ubuntu into Mac
liblunar -Chinese Lunar Calendar Function Library
Siena -Simple Java data persistence layer framework
MyFaces -JSF Framework
EasyImage -Jar bag made of picture effects
MiniBuilder -ActionScript development tool
MRTG -System monitoring tools
KCFinder -File Manager Plug in for CKEditor
Hudson -Continuous integration engine
ONLYOFFICE -Business collaboration and project management platform
Android SDK -Android Development Kit
pgDesigner -PostgreSQL modeling tool
AlanXUpload -File upload component of Flash
Jackson -High performance JSON processing
Nefarious IDE -Eclipse plug-in in Go language
Groovy++ -Groovy Plus
reCAPTCHA -Professional check code
ProjectForge -Web Project Management
ThickBox -JQuery Dialog Plug in
Apache Continuum -Continuous integration server
two comment
four Collection
share
Back to top
Top