Author: Matt Waxman, Senior Vice President and General Manager, Data Protection, Veritas Technologies
Bio: Matt Waxman has more than 20 years of experience in accelerating growth and solving enterprise customer challenges as a product innovator in data protection and adjacent sectors. At Veritas, Matt oversees the data protection product portfolio globally, driving the company’s cyber resiliency strategy.
Every day it seems the headlines bring news of yet another ransomware attack, from financial services to healthcare, hospitality, energy, and even the public sector. The era of cloud and multi-cloud operations has created fertile ground for business benefits, while also opening new windows of opportunity for cybercrime. Unfortunately, the bad actors are becoming infuriatingly good at what they do.
Bucking stereotypes, the modern cybercriminal doesn’t fit the traditional profile of a rogue nation-state or lone actor holed up in a dorm room or basement. The new breed of cybercriminals is running sophisticated efforts and constantly innovating. Many have taken a cue from the trend towards as-a-Service models and artificial intelligence to organize complex operator and affiliate schemes. Some even have customer service teams to work with companies they’ve targeted to assist in returning their data once the ransom has been paid.
No environment is immune from the threat
For a brief period, the ephemeral nature of Kubernetes environments appeared to make them a less likely target, but the Siloscape malware signaled a proverbial wake-up call. Siloscape clearly demonstrated that Kubernetes could be used as a backdoor for wider corporate attacks. The malware escaped an individual container, then easily collected business-critical information at the cluster level before quickly moving on to wreak havoc across the network.
Abandoning any false sense of confidence around Kubernetes’ invincibility, 89% of organizations admit containers are at risk for ransomware attacks. In fact, the same research found that 48% of organizations that have deployed Kubernetes have already experienced a ransomware attack on their containerized environments. What’s surprising is how dangerously slow many have been to extend their data protection to their containerized data estates. Only about a third of organizations that have deployed Kubernetes so far have tools in place to protect them against data-loss incidents.
Given that small percentage, it’s no wonder another recent survey showed only 35% of U.S. IT decision-makers said that, in the event of a cyberattack, they were fully confident in the data recovery plans for their Kubernetes workloads. In the same survey, nearly half of the respondents estimated the cost of downtime for their mission-critical applications running on Kubernetes at upwards of $50K an hour, with 9% placing the cost at more than $250K an hour. The reality is: organizations can’t afford to hit the snooze button on protecting their Kubernetes and containerized environments any longer.
Separating fact from fiction
The technological benefits of Kubernetes are undeniable, but its adoption is not without risk. Contrary to popular belief, Kubernetes falls short of many of the requirements of a secure infrastructure. Keep the following in mind to avoid Kubernetes becoming your organization’s weak link.
- Don’t rely on default settings – To achieve a good level of security in today’s threat environment, enterprises need to adopt more complex configurations. The actual security level of a deployment depends on the configuration applied and other aspects, including permission management, network security, container image control, and the containers themselves.
- Check and recheck configurations – A secure Kubernetes installation goes hand in hand with ongoing maintenance procedures. Implement regular patching, monitoring, and security audits to identify vulnerabilities and gaps in a timely manner and to ensure that the original configuration remains relevant. Because Kubernetes and its ecosystem are based on open-source elements, continuous supply chain auditing is also a must.
- Anticipate and resolve storage requirements – The downside of Kubernetes’ flexibility is that the environment does not offer any standard solutions for storage. All storage must be defined and configured. Beyond the possible technology alternatives for storage, various micro-strategies must also be determined for data persistence, data location, scalability, and isolation requirements.
- Protect against cluster corruption and data loss – Even with Kubernetes, it is important to perform regular backups and ensure all mission-critical data is secure. While Kubernetes offers replication and restarting of pods, it does not protect against data loss or corruption of the entire cluster. It is critical to ensure all Kubernetes namespaces are protected. Challenges can also arise during restoration from Kubernetes, including incompatibilities between configurations.
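
The first and last points above can be checked mechanically. The following is an added example, not code from this article or from Veritas: it audits a set of constructed manifests for settings left at their Kubernetes defaults and for persistent data in namespaces without backup coverage. The `backed_up_namespaces` argument is an assumption standing in for whatever your backup tool reports as protected.

```python
# Added example: SAMPLE is constructed, not taken from any real cluster.
SAMPLE = [
    {"kind": "Deployment", "metadata": {"name": "shop", "namespace": "prod"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "web", "image": "registry.example/shop:latest"}]}}}},
    {"kind": "PersistentVolumeClaim", "metadata": {"name": "orders-db", "namespace": "prod"}},
    {"kind": "Deployment", "metadata": {"name": "api", "namespace": "pay"},
     "spec": {"template": {"spec": {"automountServiceAccountToken": False, "containers": [
         {"name": "api", "image": "registry.example/api@sha256:" + "0" * 64,
          "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False}}]}}}},
    {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "pay"}},
    {"kind": "PersistentVolumeClaim", "metadata": {"name": "ledger", "namespace": "pay"}},
]

def audit(objects, backed_up_namespaces):
    """Return sorted (namespace, object, finding) tuples for risky defaults."""
    findings = set()
    ns_with_policy = {o["metadata"]["namespace"] for o in objects if o["kind"] == "NetworkPolicy"}
    for o in objects:
        ns, name = o["metadata"]["namespace"], o["metadata"]["name"]
        # Data protection: persistent volumes must sit in a namespace that is backed up.
        if o["kind"] == "PersistentVolumeClaim" and ns not in backed_up_namespaces:
            findings.add((ns, name, "persistent data in a namespace with no backup coverage"))
        if o["kind"] != "Deployment":
            continue
        pod = o["spec"]["template"]["spec"]
        # Network security: without any NetworkPolicy, all pod traffic is allowed.
        if ns not in ns_with_policy:
            findings.add((ns, name, "no NetworkPolicy in namespace: all pod traffic allowed"))
        # Permission management: the API token is mounted unless explicitly disabled.
        if pod.get("automountServiceAccountToken", True):
            findings.add((ns, name, "service account token mounted by default"))
        for c in pod["containers"]:
            # Container-level settings override pod-level ones.
            sc = {**pod.get("securityContext", {}), **c.get("securityContext", {})}
            image = c["image"]
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            # Image control: an untagged or :latest image can change between pulls.
            if "@sha256:" not in image and tag in ("", "latest"):
                findings.add((ns, name, f"{c['name']}: mutable image reference"))
            if sc.get("allowPrivilegeEscalation", True):
                findings.add((ns, name, f"{c['name']}: privilege escalation not disabled"))
            if not sc.get("runAsNonRoot", False):
                findings.add((ns, name, f"{c['name']}: may run as root"))
    return sorted(findings)

if __name__ == "__main__":
    for ns, name, issue in audit(SAMPLE, backed_up_namespaces={"pay"}):
        print(f"{ns}/{name}: {issue}")
```
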
From prevention to preparedness
To overcome these and other limitations, organizations need a comprehensive data protection and security solution – all the way to the endpoints. By extending existing data protection from their traditional workloads across containerized environments, they can sidestep more complex data restore processes and the higher costs that come with deploying multiple solutions.
A mindset shift is also in order. Now is the time to evolve the strategy from prevention to preparation. There’s no avoiding the inevitable. Instead, plan for when it happens – because it will happen. Build an approach around resilience. Assume you’re going to have problems and work through the practices to address them.
Whoever said that crime doesn’t pay has never encountered a ransomware gang. It may only be a matter of time before the highest recorded ransomware payoff of $40 million is surpassed. Some experts predict that total ransomware damage costs will exceed hundreds of billions of dollars in less than a decade. Protect against hackers as fiercely as you would guard trade secrets from competitors. With stronger cyber resiliency measures in place, Kubernetes workloads need not be an organization’s Achilles heel.