Kasten this week updated its K10 data protection software purpose-built for Kubernetes clusters, at a time when the amount of data that resides within Kubernetes environments is increasing steadily.
Version 2.0 of the K10 data protection platform adds support for Kubernetes authentication, role-based access controls (RBAC), OpenID Connect (OIDC), roles within the identity and access management service provided by Amazon Web Service (AWS), customer-managed keys and integrated encryption of artifacts at rest and in-flight.
Kasten CEO Niraj Tolia says that as stateful applications increasingly are being deployed in production Kubernetes environments, IT managers are becoming more concerned about data protection. Most existing legacy data protection platforms don’t support Kubernetes, which Tolia says puts the responsibility for protecting data on the team managing the Kubernetes cluster. That requirement drove the development of a data protection platform that makes use of Kubernetes application programming interfaces (APIs) to drive operational simplicity, he says.
Reliance on those APIs enables everything from auto-discovery of the application environment to the ability to enforce data protection policies consistently across multiple clusters. In addition, Kasten has included logging and monitoring tools to provide observability into data protection processes, adds Tolia.
Having recently raised another $14 million in funding, Kasten is about to find itself competing with much larger rivals of data protection platform providers such as Dell Technologies, as they beta test forthcoming offerings for Kubernetes. However, that competition serves to validate the need for data protection software designed from the ground up for Kubernetes clusters, Tolia notes, adding those rival offerings are aimed primarily at traditional storage administrators, not DevOps teams, which tend to prefer robust APIs to invoke any process.
It may be a while before organizations determine who in IT will be held responsible for data protection on Kubernetes clusters. In the meantime, however, most application owners won’t have much patience if data from a Kubernetes cluster is lost or stolen. It’s in the best interest of traditional storage professionals and DevOps teams to come to some form of accommodation regarding data security as quickly as possible. Until that is achieved, however, storage professionals should not be surprised to see DevOps teams solving the issue in their own way.
In the meantime, IT organizations would also be well-advised to consider the highly dynamic nature of Kubernetes environments. The rate at which containers are being ripped and replaced may require organizations to rely on more snapshots of data to ensure data integrity and consistency, for example. Auditors also may require IT teams to prove data has always been in their custody no matter how many containers were spun up to access that data for a few seconds. Whatever the path chosen, the process associated with managing data in containerized environments promises to be substantially different than it was on any previous approach applied to monolithic applications.