The statistics are chilling. Last year, there
were nearly 300 million ransomware attacks. That's a 72% increase during the
pandemic. And each successful attack nets an average ransom of $300,000. That
number represents a 171% increase during the same period. And the threat is
escalating as attackers become more organized, more capable, and exploit new
entry points, like mobile and edge devices.
There are no guarantees in defending an
enterprise cloud environment from ransomware. And if your applications are
cloud-native, you have an elevated set of worries owing to the particular
challenges of securing reliable point-in-time backups, or checkpoints, that
include data volumes as well as application configuration information
(metadata). Given that emerging ransomware threats target the backups
themselves (via the operator console or the physical storage devices), enterprises have
some important choices to make about how they are going to reliably secure
their data (and their users' data) for business continuity and regulatory
compliance.
Legacy Ransomware Solutions Don't Work in a Cloud-Native Environment
Ransomware protection in a legacy environment
is addressed by many solutions in the market. For cloud-native environments,
it's a new world. Complex and distributed databases require complex and robust
security solutions. The sheer quantity of data to identify and protect in a
cloud-native environment is a hurdle, and safeguarding applications only
happens when apps and their data are backed up. As IDC analyst Lucas Mearian noted, "As container
production deployments grow, there's a need for data protection that includes detection
and defense against ransomware, as traditional data protection methods may not
scale well in containerized environments." (IDC
2021, #US48131821)
The amount of time required to run backups at
the necessary intervals and then recover once an episode occurs impacts both
the efficiency and productivity of a production environment, which leads to
lost revenue. The rapid pace of work in an agile, cloud-native world requires a
data protection solution that can keep up. Legacy solutions are almost certainly
a non-starter.
Consider this obvious reality: backups mean
nothing without the ability to recover and re-orchestrate an application at a
given point in time. And while we have already touched on the cost of long backup
windows, slow recoveries are an even bigger concern with legacy backup and
disaster recovery (DR) solutions. Prolonged data recovery windows can severely
impact business operations, not to mention cause huge losses (reputation,
customers, revenue) during an outage. In order to avoid these issues,
businesses need ways to accelerate recovery.
A more nuanced weakness of legacy backup and
DR solutions in cloud-native environments is that they are often cobbled
together from technologies that are not ready for enterprise-grade environments.
This leads to issues like failed backups, lack of visibility into backup status
and inconsistent recovery point objectives (RPOs), which in turn complicates
the deployment and management of backups.
Also, consider the problem of trustworthy
recovery and isolated recovery testing: restoring into a sandbox to check for
malware or misconfigurations before the restored application is promoted to
production. Cloud-native backup and DR solutions are more reliable, faster and
more secure than legacy solutions and thus provide greater peace of mind. Data that
is backed up consistently, that is easy to access, and that can be recovered
faster will provide companies with a more productive staff not just when
disaster strikes, but in everyday operations. By not wasting time managing multiple RPOs and
waiting for sluggish backups and recoveries to finish, companies can innovate
more and manage backup and DR less.
Protecting the Attack Points in Your Backup & Recovery Systems
Keeping backup copies of data and
"point-in-time captures" is the most effective means of thwarting ransomware
attacks, since there's no need to pay to recover data if another copy
of the data is safe and sound. However, attackers are becoming increasingly
sophisticated and have started targeting backups first.
Attackers frequently try to penetrate the
backup system either through the administrative console (gaining access to the
primary Kubernetes storage cluster) or through the storage media itself (S3 or NFS)
in order to modify or delete point-in-time data. As a result, organizations can
lose data and not even know about it until they attempt a restore. This greatly
inhibits an enterprise's ability to restore business operations after its data
is held ransom.
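The silent-tampering scenario above, as an added example that is not part of the original post or of Trilio's product: an auditor that compares what the backup target holds now against a manifest recorded at backup time. The manifest is kept outside the storage target and signed with an HMAC key the backup operator holds, so an attacker with write access to the S3 bucket or NFS export alone can delete or overwrite captures but cannot produce a manifest that still verifies. The backup target, its contents, the capture names and the key are all constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import json

# Constructed sample: a backup target (think S3 prefix or NFS export) holding
# point-in-time captures of a Kubernetes app: data volumes plus the metadata
# needed to re-orchestrate that point in time. Names and contents are fake.
BACKUP_TARGET = {
    "pitr-2021-10-01T02:00/pvc-postgres-data.tar": b"pgdata-v1" * 10,
    "pitr-2021-10-01T02:00/metadata.json": b'{"helmRelease":"shop","ns":"prod"}',
    "pitr-2021-10-02T02:00/pvc-postgres-data.tar": b"pgdata-v2" * 10,
    "pitr-2021-10-02T02:00/metadata.json": b'{"helmRelease":"shop","ns":"prod"}',
}

# Hypothetical key held by the backup operator; it is never written to the target.
MANIFEST_KEY = b"operator-held-manifest-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(entries: dict[str, str]) -> bytes:
    # Stable serialization so the signature covers identical bytes on both sides.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(target: dict[str, bytes], key: bytes) -> dict:
    """Record name -> content hash for every capture and sign the record."""
    entries = {name: sha256_hex(blob) for name, blob in target.items()}
    sig = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "sig": sig}


def signature_ok(manifest: dict, key: bytes) -> bool:
    expected = hmac.new(key, _canonical(manifest["entries"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["sig"])


def audit(target: dict[str, bytes], manifest: dict, key: bytes) -> dict:
    """Compare what the storage holds now with what the signed manifest says.

    Anything other than an all-clear means a capture was altered, removed or
    planted since the manifest was recorded, or the manifest itself was
    replaced by someone who does not hold the key.
    """
    report = {"signature_ok": signature_ok(manifest, key),
              "modified": [], "missing": [], "unexpected": []}
    if not report["signature_ok"]:
        return report  # an unverifiable manifest proves nothing about the target
    recorded = manifest["entries"]
    for name, digest in recorded.items():
        if name not in target:
            report["missing"].append(name)
        elif sha256_hex(target[name]) != digest:
            report["modified"].append(name)
    report["unexpected"] = sorted(set(target) - set(recorded))
    report["modified"].sort()
    report["missing"].sort()
    return report


def is_clean(report: dict) -> bool:
    return bool(report["signature_ok"]) and not (
        report["modified"] or report["missing"] or report["unexpected"])


def simulate_attack(target: dict[str, bytes]) -> dict[str, bytes]:
    """Constructed attacker with write access to the media: remove the newest
    data capture and silently corrupt the older one so a later restore fails."""
    tampered = dict(target)
    del tampered["pitr-2021-10-02T02:00/pvc-postgres-data.tar"]
    tampered["pitr-2021-10-01T02:00/pvc-postgres-data.tar"] = b"\x00" * 90
    return tampered


if __name__ == "__main__":
    manifest = build_manifest(BACKUP_TARGET, MANIFEST_KEY)
    print("clean target:  ", audit(BACKUP_TARGET, manifest, MANIFEST_KEY))
    tampered = simulate_attack(BACKUP_TARGET)
    print("tampered target:", audit(tampered, manifest, MANIFEST_KEY))
    # The attacker re-signs with a guessed key to cover their tracks: still caught.
    forged = build_manifest(tampered, b"wrong-key")
    print("forged manifest:", audit(tampered, forged, MANIFEST_KEY))
```

Run the audit on a schedule from a host that holds the key, not from the cluster or storage account the backups live in; a manifest that fails to verify is itself an alert, since the only party who can re-sign it legitimately is the operator. This check detects tampering; preventing it needs write-once storage (for example S3 Object Lock) alongside it.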
Critical Considerations for Cloud-Native Ransomware Protection
Let's look at some of the unique challenges
faced when securing data in a Kubernetes environment. First and most obvious is
the number of players involved in a cloud-native application's chain of
responsibility. There are application developers, GitOps managers, DevOps
engineers, cloud architects and IT Ops team members, and of course,
line-of-business owners and C-level stakeholders. Each has a role to play.
Next, let's consider the criticality of
securing backups at the application level. All apps running on a
Kubernetes cluster must be protected, no matter how they are defined or
selected (by label, Helm chart, namespace or Operator): every object, every
piece of data, and every piece of metadata must be captured so the precise state
of a point in time can be recovered.
And just like we do in legacy environments,
the backups need to be stored elsewhere. In the case of a Kubernetes
environment, that means-at the very least-storing the backups outside the
cluster.
The NIST Cybersecurity Framework as a Trusted Guide
Trilio recommends that all cloud-native backup
models leverage the NIST Cybersecurity Framework. NIST has
documented a series of well-respected, comprehensive security best practices in
this framework, and we've aligned the design of our cloud-native ransomware
offering, TrilioVault for Kubernetes, to this framework. The "Day 2" data
management capabilities of TrilioVault for Kubernetes (backup and recovery, DR,
data migration, and ransomware protection) are modeled after NIST best practices.
Specifically, it uses the best practices that are detailed in the Data
Integrity projects of the National Cybersecurity Center of Excellence (NCCoE)
at NIST. The three main components of that work, shown in the figure that
accompanied this section, are identifying and protecting assets, detecting and
responding to destructive events, and recovering from them. Corresponding
features help deliver comprehensive ransomware protection and recoverability for
cloud-native applications.
The primary benefits of aligning to the NIST
Cybersecurity Framework for enterprises running cloud-native applications are
consistency of data protection schemes, so that learnings can be shared across
industries, and an approach that doesn't add administrative overhead. While
backup immutability and encryption are useful enabling technologies that the
NIST guidance calls for, it's important to remember that the framework is not
about one or two features in a backup and recovery model; it has to be
comprehensively built into the entire approach.
In a recent Angelbeat
virtual seminar that we participated in, it was noted that only a
year ago, CNCF survey data informed us that 78-80% of enterprises are using
Kubernetes for data storage and applications. With that kind of market
penetration, with the sophistication of contemporary ransomware threats, and
with the ineffectiveness of legacy backup solutions for cloud-native
applications, there is a perfect storm brewing that enterprises need to prepare
for if they're going to weather the threat of ransomware attacks sinking their
businesses. Fortunately, the NIST framework gives us a sound, reliable guide to
follow.
To hear more
about cloud native topics, join the Cloud Native Computing Foundation and cloud native community at KubeCon+CloudNativeCon North America 2021 - October 11-15, 2021
About the Author
Justin Bartinoski is the Vice President of Marketing at Trilio where he oversees
global marketing, including brand, messaging, product marketing and demand
generation activities for the company's cloud-native data protection platform.