Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

4 tips for achieving better security on Kubernetes

June 14, 2022
Ajmal Kohgadai Andy Oram
Related topics:
KubernetesSecurity
Related products:
Red Hat OpenShift

Share:

    When security is ignored, organizations are putting at risk the core benefit of faster application development and releases. But security and agility do not have to be in contention.

    A recent Red Hat survey with more than 300 respondents, covered in our 2022 State of Kubernetes security report, identified the most pressing security needs and offered suggestions for putting your organization on track to protect security in Kubernetes environments.

    Our findings show that what happens in the build and deploy stages has a significant impact on security, as revealed by the prevalence of misconfigurations and vulnerabilities across organizations. Security, therefore, must shift left, embedded imperceptibly into DevOps workflows instead of being "bolted on" when the application is about to be deployed into production.

    Note: Most of the material in this article comes from the Red Hat report, 2022 State of Kubernetes security.

    Top Kubernetes security tasks identified in the survey

    Organizations expect a security solution that protects containers and Kubernetes at every phase. Security starts at the earliest phases of development, such as choosing secure third-party libraries, and extends to runtime monitoring and detection.

    The methods used to protect applications span DevOps and security activities, underscoring the need for both in a DevSecOps approach in which the development, operations, and security teams collaborate.

    The most important security tasks that respondents identified as "must-have" capabilities in Kubernetes (Figure 1) were:

    • Runtime threat detection and response (chosen by 69% of respondents)
    • Configuration management (chosen by 68% of respondents)
    • Image scanning and vulnerability management (chosen by 65% of respondents)
    A cluster of three or four concerns topped the list of needed security capabilities.
    Figure 1: A cluster of three or four concerns topped the list of needed security capabilities.

    When the respondents refer to configuration management, they are pointing out that security must currently be dropped into many different properties of YAML files with a variety of isolated parameters that are hard to learn and coordinate.

    Tips for starting on a stronger security course

    The 2022 State of Kubernetes security report ended with the following suggestions.

    Use Kubernetes-native security architectures and controls

    Kubernetes-native security uses the rich declarative data and native controls in Kubernetes to deliver several key security benefits. Analyzing the declarative data available in Kubernetes yields better security, with risk-based insights into configuration management, compliance, segmentation, and Kubernetes-specific vulnerabilities.

    Using the same infrastructure and its controls for application development and security reduces the learning curve and supports faster analysis and troubleshooting. This consistent infrastructure also eliminates operational conflict by granting security the same automation and scalability advantages that Kubernetes extends to infrastructure.

    Start security early, but extend it across the full life cycle

    Security has long been viewed as a business inhibitor, especially by developers and DevOps teams whose core mandates are to deliver code fast. With containers and Kubernetes, security should become a business accelerator, by helping developers build strong security into their assets right from the start.

    Look for a container and Kubernetes security platform that incorporates DevOps best practices and internal controls as part of its configuration checks. Such a platform should also employ tools that assess the security posture of the Kubernetes configuration itself, so that developers can focus on feature delivery. The open source KubeLinter tool picks up many security issues in Kubernetes configurations.

    Require portability across hybrid environments

    With most organizations deploying containers in both on-premises and public cloud environments (sometimes in multiple clouds), security must apply consistently wherever your assets are running. The common foundation is Kubernetes, so make Kubernetes your source of truth, your point of enforcement, and your universal visibility layer for consistent security. Managed Kubernetes services can quicken your organization’s adoption of Kubernetes, but be careful about getting locked into cloud provider-specific tooling and services.

    Transform the developer into a security user by building a bridge between DevOps and security

    Given that most organizations expect DevOps to run container security platforms, your security tooling must help bridge security and DevOps. To be effective, the platform must have security controls that make sense in a containerized, Kubernetes-based environment. It should also assess risk appropriately. Telling a developer to fix all discovered vulnerabilities that have a Common Vulnerability Scoring System (CVSS) score of 7 or higher is inefficient. Instead, you can improve security significantly by identifying the three deployments that are exposed to the most severe vulnerabilities and showing the developers why these deployments are at risk.

    Conclusion

    Learning the best practices outlined in this article is a good first step toward improving your application's security. The speed with which new containerized applications are built and deployed as microservices requires security automation in developer workflows. Developers shouldn’t have to slow down to run manual security checks. Organizations should deploy automated security in a DevOps fashion, using security tools that enable an open hybrid strategy for application security. Learn more about how Red Hat Advanced Cluster Security for Kubernetes can provide developers with the security guardrails to help them automate DevSecOps in their pipelines.

    Last updated: June 22, 2022

    Recent Posts

    • Create and enrich ServiceNow ITSM tickets with Ansible Automation Platform

    • Expand Model-as-a-Service for secure enterprise AI

    • OpenShift LACP bonding performance expectations

    • Build container images in CI/CD with Tekton and Buildpacks

    • How to deploy OpenShift AI & Service Mesh 3 on one cluster

    What’s up next?

    Getting GitOps e-book card

    Learn how to navigate the complex world of modern container-based software development and distribution with Getting GitOps: A Practical Platform with OpenShift, Argo CD, and Tekton.

    Download the e-book
    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit
    © 2025 Red Hat

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue