How Kubernetes Protects Enterprises From Ransomware

Today’s complex enterprise IT workloads require the scale and flexibility that only Kubernetes can deliver. But security issues facing Kubernetes users continue to disrupt critical operations, particularly as ransomware inflicts increasing damage on enterprises. Conservative estimates put global ransomware losses upwards of $20 billion in 2020, with 2021 expected to be even worse.

With ransomware attacks on the rise and rapidly increasing business stakes, data protection, particularly backup and disaster recovery, is more critical than ever. Ransomware, however, is not the only catalyst. Within the same timeframe that ransomware attacks have increased, the adoption of Kubernetes and containers also saw significant acceleration alongside digital transformation efforts. According to Gartner, 75% of large enterprises in mature economies will have adopted containers by 2024. These two trends have brought us to where we are today with a modern computing paradigm driven by Kubernetes and containers and the vicious threat of ransomware lurking in the digital shadows, threatening the businesses that rely on Kubernetes applications.

The proper tooling for successful data management in Kubernetes environments can mean the difference between a thriving business and a complete organizational shutdown. The attack vectors for ransomware in Kubernetes applications and environments are plentiful and attractive to attackers. Overpermissioning during install, ever-growing lists of vulnerabilities and skipped updates, uninstalled software patches and gaps in backup and recovery make Kubernetes deployments soft targets. As a result, it has never been more important to ensure that cloud-native systems, and the DevOps and PlatformOps teams that rely on them, are prepared for the threats of ransomware.

Hardening Backups to Prepare for Disaster

While the primary goal is to be able to prevent a ransomware attack altogether, it is equally as important to plan for how to recover from one. Hardened backup capabilities are a must and enterprise IT teams should be aware of the different operating requirements for Kubernetes applications in contrast to legacy, monolithic systems. These include:

Application State and Configuration Data – Each application must include the state that spans across storage volumes and databases (NoSQL/relational), as well as configuration data included in Kubernetes objects such as configmaps and secrets.

Snapshots versus Backups – Snapshots are typically stored alongside primary data and are not fully isolated. This means that, alone, snapshots might not be available if something happens to the cluster holding them, rendering them unreliable for recovery and long-term data retention due to potential data loss.

Application Portability – Cloud-native environments offer the most options in terms of portability. Regardless of location, it is essential that organizations can take advantage of this portability across clusters, regions and diverse infrastructure, such as Kubernetes. Kubernetes offers the ability to restore data into any Kubernetes environment quickly.

Application Scalability – Kubernetes-based application requirements for scale have increased versus monolithic applications due to an explosion in application components (for example, ConfigMaps, secrets, etc.), dynamic autoscaling (clusters and applications) and polyglot persistence (multiple databases used by a single cloud-native application).

Application Security for Cloud-Native Environments – Cloud-native environments have shifted the importance and function of application security. End-to-end encryption and customer-owned management capabilities are paramount and should include integrated authentication and role-based access control (RBAC). Lastly, application security must allow for a quick recovery from ransomware attacks.

Prioritizing Recovery

Despite planning for disaster, should a ransomware attack succeed, recovery is an organization’s next line of defense. Ransomware attacks are not one-size-fits all and attackers work diligently to find the right targets, as well. In the case of Kubernetes, an attack on a cluster may stem from something as “simple” as an overlooked, unauthenticated endpoint or an unpatched vulnerability. In the event of a successful attack, fast restores are essential to protecting sensitive data from being exploited and resuming business operations quickly.

Enterprise IT teams run and maintain thousands of applications across different locations using platforms like Kubernetes that enable automation – overseeing all of them manually is a task nearly beyond human capabilities. Tools for backup and recovery functions should also promote automation and integrate seamlessly into existing workflows. Enabling immutability, creating backups with unique code paths, protecting backups for maximum effectiveness and enabling seamless restores are part of a robust ransomware data protection strategy.

Defeating Ransomware

If an organization is attacked by ransomware, and there is no plan to defend against it, the attack can result in significant business disruption and major financial losses, even without paying ransom (which a business should never do). A robust ransomware data protection strategy can enable organizations to recover from data loss and ransomware attacks with sustained success.

In the same way that renters purchase renter’s insurance to recover and replace personal property and liabilities in the event of an accident, IT teams should invest in cloud-native Kubernetes-based backup and recovery solutions to mitigate attacks and ensure business operations can resume as seamlessly as possible. For these solutions to be effective, they need end-to-end backup integrity, with minimal permissions and privilege separation between object storage providers and encrypted backups. They require backup efficiency; the efficient use of storage space and usability across a variety of storage types. They must also enable accelerated and automated recovery, requiring no extra time or cost for easy restoration. Plus, they have to be simple, easy to use and must be able to be integrated into all storage types for optimal operational impact.

Beyond tooling, IT teams need to educate stakeholders on how to avoid ransomware and detect phishing campaigns, suspicious websites and other scams, like social engineering, while security resources should be aimed at hardening application infrastructure – systems and networks – and maintaining all software updates on a regular basis.

As the threat of ransomware grows and attacks become more sophisticated, implementing the right procedures to prevent and overcome attacks is critical. For applications running on Kubernetes, IT teams need to be aware of their unique requirements to protect them and ensure that backup and recovery capabilities are hardened accordingly. Kubernetes is the unifying fabric of modern computing. Using it to mitigate the most pressing data threats in today’s risk landscape is one of the best defenses yet.

Michael Cade

Michael Cade is a community first technologist for Kasten by Veeam Software. He is based in the UK with over 16 years of industry experience with a key focus on technologies such as cloud native, automation & data management. His role at Kasten is to act as a technical thought leader, community champion and project owner to engage with the community to enable influencers and customers to overcome the challenges of Cloud Native Data Management and be successful, speaking at events sharing the technical vision and corporate strategy whilst providing ongoing feedback from the field into product management to shape the future success.

Michael Cade has 5 posts and counting. See all posts by Michael Cade