Kubernetes data protection is being neglected

Kubernetes logo
Kubernetes logo

Businesses may be getting to grips with Kubernetes, but they are leaving themselves open to cyberattacks including ransomware because they haven’t thought to coordinate their cloud-native and data protection strategies.

Research conducted for Veritas showed that Kubernetes is increasingly being deployed for mission-critical applications, with a third of respondents already using it, and 86 percent of organizations claiming they would be using it within the next two years.

But while companies are clearly convinced of the case for the container orchestration platform and apparently desperate to deploy it, just a third of current users have matched their Kubernetes installations with appropriate data protection tools.

What is even more inexplicable is that 89 percent said that ransomware attacks on their Kubernetes environments are already an issue. Almost half of organizations who had deployed the container orchestration platform said they’d already experienced an attack on their Kubernetes environments.

This prompted Veritas to dub Kubernetes the “Achilles’ heel” in ransomware defense strategies. Though perhaps a more apt description would be the “great big rainbow pointing to a crock of data gold.”

This is in large part because just 40 percent of organizations have extended their legacy data protection tooling to their Kubernetes environments, with the rest either relying on standalone products, or presumably nothing at all. Which not only increases complexity while leaving potential gaps in protection, but is also likely to complicate restores.

Of those organizations that had implemented some form of data protection for Kubernetes deployments, 47 per cent plumped for a standalone version, while 40 per cent had extended existing data protection tooling. The remainder were using a mix of standalone and existing tools.

The research also suggests a certain degree of magical thinking about how things are likely to develop in the future. First of all, tech leaders are piling into Kubernetes without ensuring they have protection in place. At the same time, 29 percent believe ransomware will not be an issue five years from now, as they ramp up their spending on data protection for containerized data by 49 percent.

Which is great, as long as ransomware developers play ball and refrain from attacking unprotected organisations now and don’t work to develop new variants to take advantage of this gradualist approach to protection in the longer term.