
Kubernetes security is maturing, but are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3218
Topic starter  

TL;DR: Gartner’s 2029 forecast says more than 95% of global organisations will run containerised applications in production, while 35% of enterprise applications will run in containers, underscoring that Kubernetes security is now a mainstream governance problem, according to Aqua Security. Security models built for static infrastructure no longer fit ephemeral, rapidly redeployed workloads.

NHIMG editorial — based on content published by Aqua Security: What Gartner Wants Every CTO to Know About Kubernetes Security

By the numbers:

Questions worth separating out

Q: How should security teams govern Kubernetes workloads that change constantly?

A: Treat Kubernetes governance as a continuous control problem.

Q: Why do containers create more security risk than older application models?

A: Containers compress build, deployment, and runtime into a fast-moving system that depends on shared images, automation, and orchestration.

Q: How do you know if Kubernetes security controls are actually working?

A: Look for reduced recurrence of the same image, manifest, or cluster misconfiguration across redeployments.

Practitioner guidance

  • Map workload identity to cluster authority: inventory which identities can change namespaces, service accounts, deployment manifests, and cluster-wide settings.
  • Tie image risk to deployment gates: block promotion when base images, open-source dependencies, or manifest checks fail policy.
  • Connect runtime alerts to root-cause remediation: make every production alert trace back to a fix in the image, supply chain, or Kubernetes YAML file.

What's in the full article

Aqua Security's full analysis covers the operational detail this post intentionally leaves for the source:

  • Specific Kubernetes security considerations across managed cloud platforms, on-prem deployments, and open source clusters
  • Examples of how base images, dependencies, and redeployments change the threat surface in practice
  • More detail on the shared responsibility divide between security, engineering, and DevOps teams
  • Aqua's own product and platform context for securing containerised environments

👉 Read Aqua Security's analysis of Kubernetes security for CTOs →




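The first guidance item in the post above (inventory which identities can change namespaces, service accounts, deployment manifests and cluster-wide settings) is in practice an RBAC inventory. The Python below is an added example, not code from the post or from Aqua Security: it walks Role and ClusterRole rules and their bindings in the JSON shape `kubectl get clusterroles,roles,clusterrolebindings,rolebindings -A -o json` returns and reports, per subject, which of those resources it can mutate and at what scope. The SENSITIVE mapping, the WRITE_VERBS set and every cluster object below are constructed assumptions for illustration. One caveat it encodes: a RoleBinding to cluster-admin does not grant cluster-scoped resources such as namespaces or ClusterRoles, so it is reported as namespaced power only.

```python
"""Inventory RBAC subjects that can change cluster authority.
Added example (not from the post or from Aqua Security); objects are
constructed inline in the JSON shape `kubectl get ... -o json` returns."""
from collections import defaultdict

# (apiGroup, resource) -> the post's wording. Assumed mapping.
SENSITIVE = {
    ("", "namespaces"): "namespaces",
    ("", "serviceaccounts"): "service accounts",
    ("apps", "deployments"): "deployment manifests",
    ("rbac.authorization.k8s.io", "clusterroles"): "cluster-wide settings",
    ("rbac.authorization.k8s.io", "clusterrolebindings"): "cluster-wide settings",
}
# A namespaced RoleBinding cannot grant cluster-scoped resources, even when
# it references cluster-admin: Kubernetes limits it to its own namespace.
CLUSTER_SCOPED = {"namespaces", "clusterroles", "clusterrolebindings"}
# bind/escalate are the RBAC verbs that let a subject widen its own rights.
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection",
               "bind", "escalate", "*"}

def rule_grants_write(rule, group, resource):
    """True if one PolicyRule allows a mutating verb on (group, resource)."""
    groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
    if group not in groups and "*" not in groups:
        return False
    if resource not in resources and "*" not in resources:
        return False
    return bool(set(rule.get("verbs", [])) & WRITE_VERBS)

def resolve_rules(role_ref, binding_ns, roles):
    """Rules behind a roleRef: a Role in the binding's namespace or a
    ClusterRole. A dangling roleRef grants nothing."""
    for role in roles:
        if role["kind"] != role_ref["kind"] or role["metadata"]["name"] != role_ref["name"]:
            continue
        if role["kind"] == "Role" and role["metadata"].get("namespace") != binding_ns:
            continue
        return role.get("rules", [])
    return []

def subject_key(subject):
    if subject["kind"] == "ServiceAccount":
        return f"ServiceAccount:{subject.get('namespace', 'default')}/{subject['name']}"
    return f"{subject['kind']}:{subject['name']}"

def inventory(roles, bindings):
    """Map each subject to the sensitive resources it can mutate, and where."""
    found = defaultdict(set)
    for binding in bindings:
        ns = binding["metadata"].get("namespace")
        cluster_wide = binding["kind"] == "ClusterRoleBinding"
        scope = "cluster" if cluster_wide else ns
        rules = resolve_rules(binding["roleRef"], ns, roles)
        for (group, resource), label in SENSITIVE.items():
            if resource in CLUSTER_SCOPED and not cluster_wide:
                continue
            if any(rule_grants_write(r, group, resource) for r in rules):
                for subject in binding.get("subjects", []):
                    found[subject_key(subject)].add(f"{label}@{scope}")
    return {k: sorted(v) for k, v in found.items()}

def _obj(kind, name, namespace=None, **fields):
    meta = {"name": name, **({"namespace": namespace} if namespace else {})}
    return {"kind": kind, "metadata": meta, **fields}

# Constructed sample cluster; all names are placeholders.
ROLES = [
    _obj("ClusterRole", "cluster-admin", rules=[{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]),
    _obj("ClusterRole", "viewer", rules=[{"apiGroups": ["*"], "resources": ["*"], "verbs": ["get", "list", "watch"]}]),
    _obj("ClusterRole", "deployer", rules=[{"apiGroups": ["apps"], "resources": ["deployments"],
                                            "verbs": ["get", "list", "create", "update", "patch"]}]),
    _obj("Role", "sa-manager", "payments", rules=[{"apiGroups": [""], "resources": ["serviceaccounts"],
                                                   "verbs": ["create", "delete"]}]),
]
BINDINGS = [
    _obj("ClusterRoleBinding", "ci-admin", roleRef={"kind": "ClusterRole", "name": "cluster-admin"},
         subjects=[{"kind": "ServiceAccount", "name": "ci-runner", "namespace": "ci"}]),
    _obj("ClusterRoleBinding", "readers", roleRef={"kind": "ClusterRole", "name": "viewer"},
         subjects=[{"kind": "Group", "name": "everyone"}]),
    _obj("RoleBinding", "deploy-payments", "payments", roleRef={"kind": "ClusterRole", "name": "deployer"},
         subjects=[{"kind": "ServiceAccount", "name": "deploy-bot", "namespace": "payments"}]),
    _obj("RoleBinding", "sa-mgmt", "payments", roleRef={"kind": "Role", "name": "sa-manager"},
         subjects=[{"kind": "Group", "name": "platform-team"}]),
    # cluster-admin bound only inside "dev": namespaced power, not cluster power
    _obj("RoleBinding", "dev-admin", "dev", roleRef={"kind": "ClusterRole", "name": "cluster-admin"},
         subjects=[{"kind": "User", "name": "alice"}]),
]

if __name__ == "__main__":
    for subject, powers in sorted(inventory(ROLES, BINDINGS).items()):
        print(f"{subject:40} {', '.join(powers)}")
```

Run against a real export, the interesting rows are the non-human ones: CI runners and controllers holding cluster-wide write on ClusterRoleBindings or on every Deployment, which is exactly the "who can change the environment" question the post raises. Read-only subjects (the `everyone` group here) do not appear at all.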
(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1804
 

Kubernetes security is now an identity governance problem, not just an application security problem. Containers and clusters have become mainstream production infrastructure, but the control model still assumes assets that are slower, more stable, and easier to certify than modern workloads. Once identity, orchestration, and runtime behaviour converge, governance has to cover both who can change the environment and what the environment can change on its own. Practitioners should treat Kubernetes security as an access and control-plane discipline, not a narrow scanning exercise.

A few things that frame the scale:

  • 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
  • Systems with least-privileged AI access had a 17% incident rate versus 76% for over-privileged systems, which shows how quickly identity scope changes security outcomes.

A question worth separating out:

Q: What should organisations prioritise first in Kubernetes security?

A: Prioritise the controls that prevent unsafe configurations from becoming live workloads. That means deployment gating, service account scope, authentication hardening, and network and resource boundaries. If those basics are weak, runtime monitoring becomes noisy and remediation becomes reactive instead of controlled.

👉 Read our full editorial: Kubernetes security now needs new models for mainstream adoption



   
ReplyQuote
Share:
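The answer above prioritises deployment gating, service account scope and resource boundaries as the controls that stop unsafe configurations from becoming live workloads, and the first post's guidance asks for promotion to be blocked when image or manifest checks fail policy. The Python below is an added example, not code from either post or from Aqua Security: it evaluates the pod template of a Deployment (the dict form `kubectl get deploy -o json` or a rendered YAML manifest produces) against a small policy and returns findings; an empty list means the manifest may be promoted. The policy rules, the two manifests and the placeholder digest are constructed assumptions; a real gate would carry these checks in an admission controller or CI step and source the policy from the team's own baseline.

```python
"""Deployment gate: refuse to promote a workload manifest that fails policy.
Added example, not from the posts; checks and manifests are constructed."""
import re

DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def image_findings(name, image):
    """Flag images that are not pinned by digest, and mutable tags on top."""
    if DIGEST_RE.search(image):
        return []                      # immutable reference: nothing to flag
    out = [f"{name}: image {image!r} is not pinned by digest"]
    last = image.rsplit("/", 1)[-1]    # drop registry/path so a registry port is not read as a tag
    tag = last.split(":", 1)[1] if ":" in last else None
    if tag in (None, "latest"):
        out.append(f"{name}: image {image!r} uses a mutable tag ({tag or 'none'})")
    return out

def evaluate(deployment):
    """Return policy findings for one Deployment; empty means it may be promoted."""
    meta = deployment.get("metadata", {})
    label = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
    pod = deployment.get("spec", {}).get("template", {}).get("spec", {})
    out = []
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if pod.get(field):
            out.append(f"{label}: pod shares the node's {field[4:].lower()} namespace")
    # Service account scope: the default SA with a mounted token is the usual
    # starting point for lateral movement from a compromised container.
    if "serviceAccountName" not in pod and pod.get("automountServiceAccountToken", True):
        out.append(f"{label}: runs as the default service account with its token auto-mounted")
    pod_sc = pod.get("securityContext", {})
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        cname = f"{label}/{c.get('name', '?')}"
        out.extend(image_findings(cname, c.get("image", "")))
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            out.append(f"{cname}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):
            out.append(f"{cname}: allowPrivilegeEscalation not disabled")
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            out.append(f"{cname}: runAsNonRoot not enforced")
        limits = c.get("resources", {}).get("limits", {})
        if "cpu" not in limits or "memory" not in limits:
            out.append(f"{cname}: missing cpu/memory limits")
    return out

def promotion_allowed(manifests):
    """Gate decision for a release: every manifest in it must be clean."""
    return all(not evaluate(m) for m in manifests)

# Constructed manifests. The digest below is a placeholder, not a real image.
PLACEHOLDER_DIGEST = "0123456789abcdef" * 4
WEAK = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web", "namespace": "payments"},
    "spec": {"template": {"spec": {
        "hostPID": True,
        "containers": [{"name": "web", "image": "nginx:latest",
                        "securityContext": {"privileged": True}}],
    }}},
}
HARDENED = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web", "namespace": "payments"},
    "spec": {"template": {"spec": {
        "serviceAccountName": "web",
        "automountServiceAccountToken": False,
        "securityContext": {"runAsNonRoot": True},
        "containers": [{"name": "web", "image": f"nginx@sha256:{PLACEHOLDER_DIGEST}",
                        "securityContext": {"allowPrivilegeEscalation": False,
                                            "readOnlyRootFilesystem": True},
                        "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}],
    }}},
}

if __name__ == "__main__":
    for m in (WEAK, HARDENED):
        findings = evaluate(m)
        print(m["metadata"]["name"], "BLOCKED" if findings else "ALLOWED")
        for f in findings:
            print("  -", f)
```

The ordering matters for the answer's point about noise: a workload that passes this gate has a known service account, a digest-pinned image and no host-namespace or privileged access, so a runtime alert on it points at a specific image or manifest rather than at a configuration that was never reviewed.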