Comprehensive Security is Vital As Kubernetes Adoption Grows
This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Veeam Global Technologist Michael Cade explains how security is vital as Kubernetes adoption grows.
Over the past two years, the drive toward widespread digital transformation has led to a surge in modernization initiatives for businesses across industries and sectors. This modernization has spurred an increase in the use of containerized environments for optimizing the development, management, and operations of cloud-based applications, enabling greater efficiency and agility, and faster time to market.
According to Veeam’s 2022 Data Protection Trends Report, which surveyed 3,000 IT leaders, 56 percent of organizations that are familiar with containerized environments are using containers in production today, and another 35 percent are planning to. Soon, it will be hard to find an organization that isn’t developing applications using containers.
However, as the number of containerized applications increases, data and application protection become a pressing issue. According to the report, 89 percent of IT leaders see a “Protection Gap” between tolerable data loss and how to protect their data. These results raise the question: Who’s in charge of backing up containerized data and applications?
Widespread Kubernetes Adoption Gives Rise to Data Protection Challenges
The popularity of Kubernetes has exploded since its introduction nearly a decade ago. Today, Kubernetes is the de facto standard for container orchestration, with nearly half of all organizations using the framework. Historically, many developers have assumed that replication services were a sufficient form of protection for Kubernetes data and applications – a flawed premise that has led many to a data disaster. While data replication may improve reliability, replication isn’t the same thing as backup or storage, and an error – for example, one that deletes data – can get replicated just as easily as the data itself, resulting in catastrophic data losses.
The challenge with backing up containerized applications is that containers run microservices that are deployed across numerous nodes within a cluster. All of the data and artifacts that these services need to operate must be backed up along with the application. The combination of stateful and stateless components complicates things further: stateful components maintain their data and state in persistent storage volumes, but stateless components don’t. If stateless components are backed up in a separate location, recovering the application can result in misconfigurations and lost data – or the recovery operation may simply fail altogether.
Due to the complexity of the Kubernetes backup and recovery process, there’s a lot of confusion over who should be responsible. According to the report:
● 28 percent think responsibilities lie with the team that manages Kubernetes storage
● 27 percent think the application owners are responsible
● 40 percent are divided – should the team backing up IT systems be responsible, or is it the job of the team that manages the Kubernetes framework?
With everyone holding down the fort in different camps, backup and recovery often fall off the map.
Built-in Backup and Automation Shut Down the Argument
Regardless of who’s ultimately responsible, organizations developing containerized applications are looking for improved data protection solutions that reduce data loss and recovery time and increase reliability. In short, it just has to work, but must also be cost-effective while providing value. Legacy backup solutions won’t do – the popular cloud-first mentality demands a service-based approach that fits seamlessly with a range of diverse production environments. According to the report, the top three drivers for moving to a new backup solution include reducing RPO/RTO (33 percent), improving reliability and success of backups (32 percent), and improving ROI (31 percent).
With 90 percent of organizations adopting multi-cloud environments and supporting a range of service-based workloads, purpose-built backup and recovery across clouds – AWS, Azure, and Google – and native coverage for IaaS, PaaS, and SaaS workloads are essential, as is the ability to move workloads quickly and efficiently between clouds. Deployment flexibility is equally important.
Another important takeaway: backup and recovery must be an integral component of an organization’s security strategy. Ransomware is relentless, and Kubernetes environments are particularly vulnerable to attack. Open source components, incorrect privilege assignments during deployment, and falling behind on Kubernetes updates can all put your data and applications at risk. What’s more, attacks on storage units are increasing – that’s right, bad actors are targeting backups as well as the applications themselves. With all of these factors working against you, data protection requirements should be defined when workloads are provisioned, not after the fact.
Finally, automation is essential. With multiple teams shirking responsibility, making backup and recovery as seamless and painless as possible eases operations while improving efficiency. Backup and recovery should be achievable via a streamlined workflow, without the need to make code, packaging, toolchain or deployment changes. The ability to build in intelligent, automated policies that can auto-detect new applications eliminates manual work and takes the burden of managing backups off of any one team.
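As an added illustration (not code from Veeam or from the report), the sketch below shows the kind of check an auto-detecting policy implies: it separates stateful from stateless workloads by their PersistentVolumeClaim references and lists the ones that no backup policy selects. The sample inventory is constructed in the shape of Kubernetes workload manifests, and the policy format (namespaces plus matchLabels) is hypothetical.

```python
# Added example: flag workloads that no backup policy selects.
# SAMPLE_ITEMS is constructed, shaped like `kubectl get deploy,sts -A -o json` items.
# The policy format (namespaces + matchLabels) is hypothetical, not a product's API.

def claims(item):
    """PVC names a workload uses: mounted claims plus StatefulSet claim templates."""
    spec = item["spec"]
    vols = spec["template"]["spec"].get("volumes", [])
    names = [v["persistentVolumeClaim"]["claimName"]
             for v in vols if "persistentVolumeClaim" in v]
    names += [t["metadata"]["name"] for t in spec.get("volumeClaimTemplates", [])]
    return names

def covered(item, policy):
    """A policy covers a workload if its namespace and every matchLabels pair match."""
    meta = item["metadata"]
    if policy["namespaces"] and meta["namespace"] not in policy["namespaces"]:
        return False
    labels = meta.get("labels", {})
    return all(labels.get(k) == v for k, v in policy["matchLabels"].items())

def coverage_gaps(items, policies):
    """Return (stateful, stateless) lists of 'ns/Kind/name' that no policy covers."""
    stateful, stateless = [], []
    for item in items:
        if any(covered(item, p) for p in policies):
            continue
        meta = item["metadata"]
        ref = f'{meta["namespace"]}/{item["kind"]}/{meta["name"]}'
        (stateful if claims(item) else stateless).append(ref)
    return stateful, stateless

def _wl(kind, ns, name, labels, volumes=(), templates=()):
    spec = {"template": {"spec": {"volumes": list(volumes)}}}
    if templates:
        spec["volumeClaimTemplates"] = [{"metadata": {"name": t}} for t in templates]
    return {"kind": kind, "metadata": {"namespace": ns, "name": name, "labels": labels}, "spec": spec}

SAMPLE_ITEMS = [  # constructed inventory
    _wl("StatefulSet", "shop", "orders-db", {"app": "orders"}, templates=["data"]),
    _wl("Deployment", "shop", "orders-api", {"app": "orders"}),
    _wl("Deployment", "blog", "cms", {"app": "cms"},
        volumes=[{"name": "uploads", "persistentVolumeClaim": {"claimName": "cms-uploads"}}]),
    _wl("Deployment", "blog", "cache", {"app": "cache"}, volumes=[{"name": "tmp", "emptyDir": {}}]),
]
SAMPLE_POLICIES = [{"name": "shop-daily", "namespaces": ["shop"], "matchLabels": {"app": "orders"}}]

if __name__ == "__main__":
    print(coverage_gaps(SAMPLE_ITEMS, SAMPLE_POLICIES))
```

Run on a schedule or as a provisioning gate, a non-empty first list means persistent data exists that nothing is backing up.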
Security Everywhere – Even in Kubernetes
In the modern enterprise, no data is safe. For robust protection, security must be considered at every step along the cloud-native development supply chain, and that means security doesn’t fall to just one team – it’s everyone’s responsibility. Fortunately, new Kubernetes backup and recovery solutions are lightening the load for overworked DevOps and IT teams, leveraging cloud-native features and a high degree of automation to simplify the process, while providing reliable data protection every step of the way.