Protecting Kubernetes from ransomware [Q&A]
Many organizations have been quick to adopt containerization and particularly Kubernetes. But while there are advantages in scale and flexibility, it also raises issues around cloud-native data protection practices.
So how can businesses adopt the technology but still protect their information? We spoke to Gaurav Rishi, VP product, at Kubernetes backup specialist Kasten by Veeam to find out.
BN: Why is Kubernetes seeing such rapid adoption?
GR: According to Gartner, 75 percent of large enterprises in mature economies will have adopted containers by 2024. Few emerging technologies have spread this rapidly through the enterprise in large part because operations teams are realizing the cost and portability benefits in addition to development agility from Kubernetes adoption and scaling deployments as a result.
Today's complex enterprise IT applications require a level of scale and flexibility that only Kubernetes can deliver. Kubernetes-native applications are easily extensible and portable across public, private or hybrid clouds. This provides developers with an agile development platform with a wide choice of languages and an extensible toolset that enables them to create loosely coupled microservices that dramatically improve productivity and feature velocity. The automation benefits of Kubernetes along with the deployment flexibility translate to scalable and cost-effective deployments.
BN: How has the adoption of Kubernetes changed the threat landscape?
GR: As Kubernetes deployments increase, so do attacks -- which include ransomware -- dominating headlines across the globe. Attack surfaces in the context of Kubernetes applications include supply chain risks as well as malicious insider and external threat actors. Enterprises must secure their supply chains across builds and deployments with registry scans and regular updates. Since Kubernetes applications, composed of microservices, leverage several open source and vendor-provided modules, it is imperative to install CVE fixes and Kubernetes version updates on an ongoing basis. The over-provisioning of access rights for users and applications is another area exploited frequently. Enterprises must start applications with the least privileges possible, coupled with strong authentication and authorization for secure operations in a Kubernetes cluster so an exploited application or malicious user cannot escalate privileges and compromise other applications.
BN: With ransomware attacks becoming increasingly common, how and why are attackers using ransomware to specifically target Kubernetes users?
GR: Unfortunately, ransomware attacks are a profitable misdeed for hackers today since they can exploit the Kubernetes attack surfaces mentioned earlier and hold the enterprise hostage to exorbitant demands. In fact, the ransomware ecosystem is so developed that there are companies who exist solely to negotiate ransomware demands with hackers. The other driver for attacking Kubernetes applications is the tremendous growth in deployments that use compute and storage infrastructure under the hood that hackers would like to use for their own purposes.
BN: What are some of the ways Kubernetes users can harden their deployments against ransomware attacks?
GR: Data protection, particularly backup and disaster recovery, is more critical than ever. While it's important to take steps to eliminate vulnerabilities and protect against potential ransomware attacks, it's equally important to plan for the worst-case scenario. Should a ransomware attack succeed, recovery from a previous backup may be an organization’s only line of defense.
An attack on a Kubernetes cluster can stem from something as ‘simple’ as an overlooked, unauthenticated endpoint or an unpatched vulnerability. In the worst-case scenario of a successful attack, fast restores are essential to protecting sensitive data from being exploited and allowing enterprises to return to normal business operations quickly.
BN: Within the context of data protection, why does it matter if a technology is Kubernetes-native? What is the alternative?
GR: Cloud-native applications are being built from the ground up to run on Kubernetes platforms. Legacy data protection solutions built for the hypervisor era simply do not work in modern environments. Applications, composed of multiple microservices, are the unit of atomicity and operate in a distributed and dynamic manner with the constant scheduling of workloads across nodes that may not even have a hypervisor layer. Additionally, Kubernetes-native data protection is imperative to operate with a DevOps methodology where, for example, secure self-service portals, automation, and workflow integration into the cloud-native tool set are critical requirements.
BN: How can Kubernetes users ensure that they have a hardened last line of defense against ransomware, and what are some best practices they can use to protect their organizations from serious damage?
GR: Hardened backups are a must-have. Backup integrity is important. Since backups are your last line of defense, backups must be reliable, whether data is lost or corrupted, accidentally or maliciously. Immutability is also important as it provides enterprises with the confidence that their target storage locations contain the information they need to recover applications quickly in case of an attack.
Backup operations must be able to work at scale across multiple clusters in hybrid environments that include infrastructure from different vendors providing storage, Kubernetes distributions and data services. Hence it is important for ease of use and scalability to support policy-based automation that allows enterprises to maintain their freedom of choice across infrastructure vendors and deployments architectures.