Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Lessons Learned from Scanning Over 10,000 Kubernetes Clusters

Home
Industry Insights
Lessons Learned from Scanning Over 10,000 Kubernetes Clusters

Blog Article Published: 07/25/2022

This blog was originally published by ARMO here.

Written by Jonathan Kaftzan, VP Marketing & Business Development, ARMO.

With Kubernetes adoption continuing to rise, we've seen multiple studies add to the growing body of research for enterprise K8s deployments this past year. Companies leveraging managed services and packaged platforms drive much of the continued growth in adoption. An annual study conducted by the Cloud Native Computing Foundation (CNCF) found that 96% of organizations surveyed are either using or evaluating K8s currently. 5.6 million developers use K8s worldwide, accounting for 31% of all backend developers across the globe.

Survey respondents using K8s cite improved scalability and availability and shorter deployment times as the main reason for leveraging the technology. Among those users, weekly and daily release cadences are commonplace. While the number of organizations leveraging K8s will only continue to grow, there are rising concerns about security.

According to Gartner, through 2025, more than 99% of cloud breaches will have a root cause of customer misconfigurations or mistakes. This matches up with the findings from Gartner’s 2021 Hype Cycle for Cloud Security report which shows that 59% of security incidents with known causes occurred from a detected misconfiguration. When asked which risks concerned cloud leaders the most for their containers and K8s environments, most respondents identified misconfigurations as their number 1 concern.

K8s users and organizations fight misconfiguration and vulnerabilities across the SDLC. Kubescape is a Kubernetes open-source security platform providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerabilities scanning.

Kubescape scans K8s clusters, YAML files, HELM charts, worker nodes and APIs servers, detecting misconfigurations according to multiple frameworks (such as the NSA-CISA, MITRE ATT&CK, and more), software vulnerabilities, and RBAC (role-based-access-control) violations across the SDLC, calculates risk score instantly and shows risk trends over time.

Since we launched Kubescape in August 2021, it has scanned more than 10,000 K8s clusters. We aggregated the data and did some analysis to highlight essential stats on the state of K8s security, risk, and compliance.

Here are the main conclusions:

Keep your Kubernetes risk scores below 30

Our scans included implementations across multiple regions, including North America, Europe, the Middle East, Africa, and the Asia Pacific. Our users range from DevOps and DevSecOps engineers to security engineers, architects, and risk analysts.

So what have we learned?

We assessed our findings in four frameworks, including ArmoBest, MITRE ATT&CK, NSA-CISA Hardening guidance, and DevOps Best Practices.

For each assessment, 100 represents the highest risk and 0 the lowest. A best practice is for organizations to keep their risk scores below 30, with 60+ putting them in the worst 5%. A risk score below 10 puts an organization in the best 10%.

Kubernetes risk score


The Top 5 Security misconfiguration

Our scans found that 100% of clusters contained at least one misconfiguration, while 65% had at least one high severity misconfiguration. 50% of clusters had 14 or more failed security controls. Here is a look at the top 5 misconfigurations found during our scans:

  • Run privileged containers - Containers with access to run privileged might create unintended access to host information and should generally be configured to run as a non-root user.
  • Cluster admin binding - Users with the cluster-admin role can perform any action on any resource, leaving a considerable vulnerability across the implementation.
  • Missing Resource policies - 63% of clusters had workloads without proper resource limitations. Resource policies may control access to security-sensitive aspects of a pod's specification. Failing to configure resource policies properly can expose your system and lead to costly breaches.
  • Immutable container filesystem - Cyber attackers that gain execution within a container can create files, download scripts, and modify applications. Leveraging an immutable container configuration can prevent damage but may also introduce complications in application function if not properly managed.
  • Ingress and Egress blocked - 63% of clusters had workloads outside the cluster without the proper ingress blocked. It's critical to use ingress and egress filtering to protect network access points.

Top and common Vulnerabilities

63% of the containers we scanned had one or more vulnerabilities, while 46% had one or more critical vulnerabilities. 53% had one or more RCE (Remote Code Execution) vulnerabilities. Here's a look at the top 5 vulnerabilities that we found.

Kubernetes top and common vulnerabilities

In all-

  • 63% of clusters had workloads without proper resource limitations
  • 37% of clusters had applications with credentials in configuration files
  • 23% of clusters had applications running with dangerous Linux capabilities
  • 35% of clusters had workloads running with insecure capabilities
  • 100% of clusters had misconfiguration
Kubernetes vulnerabilities by severityNumber of critical Kubernetes vulnerabilities

Misconfiguration still plagues K8s implementations

Even as organizations level up their cloud-native development and operations competencies, we still found misconfigurations in 100% of the scanned clusters. This demonstrates the importance of having the right security frameworks and tools in place to bolster the security posture of K8s implementations.

ComplianceDevSecOpsRisk Management

Share this content on your favorite social network today!

Latest from CSA
AI Summit at RSAC 2024
The State of AI and Security Survey Report
Data Resiliency Survey 2024
Trending This Week
#1 What is the Cloud Controls Matrix (CCM)?
#2 Zero Trust and AI: Better Together
#3 Test Accounts: Another Compliance Risk
#4 AI Safety vs. AI Security: Navigating the Commonality and Differences
#5 Is PQC Broken Already? Implications of the Successful Break of a NIST Finalist
Enhance your cloud security skills with CSA's online training options.
Related Articles:
Kernel Introspection from Linux to Windows

Published: 04/18/2024

How to Set Your Small Privacy Team Up for Success

Published: 04/17/2024

The Data Security Risks of Adopting Copilot for Microsoft 365

Published: 04/16/2024

How to Audit Your Outdated Security Processes

Published: 04/16/2024