Virtualization Technology News and Information
VMblog Expert Interview: Catalogic Updates CloudCasa with Ransomware and Security Features and Cross-Cluster and Cross-Cloud Restores


This week, Catalogic Software announced the general availability of the next major feature release for its cloud native backup-as-a-service platform CloudCasa.

To find out more, VMblog reached out to Sathya Sankaran, COO of Catalogic.

VMblog:  For those not familiar with your offering, let's start with what is CloudCasa?

Sathya Sankaran:  CloudCasa is a powerful cyber-resilient backup service built for protecting Kubernetes, cloud databases, and cloud native applications. As a SaaS solution, CloudCasa removes the complexity of managing traditional backup infrastructure, while providing the same level of application consistent data protection and disaster recovery that more traditional backup solutions provide for server-based applications. Many recoveries these days are a result of cyber-attacks, and our SaaS model provides a logical airgap for our customers and enhances their cyber-resilience.

VMblog:  CloudCasa is specifically designed for Kubernetes and container environments. How complex is it to administer when cloud and application infrastructure is now part of configuration data?

Sankaran:  When it comes to Kubernetes, simple is very hard. The platform is built on the premise of providing developers greater control, flexibility and elasticity. That is only possible by exposing more moving parts to the outside world. It is akin to carrying Formula 1 race car controls in your Ford Explorer.

When it comes to data protection, there is a strong willingness to automate all things related to backups. But users still yearn for a guided recovery process instead of fumbling around with YAML files, cloud configurations and standby clusters. This is why we've invested heavily into enabling cross-cluster, cross-region and cross-account migrations and recoveries.  We handle storage class mapping, provisioning of new PVs, and namespace mapping across all clouds, and we additionally perform IAM mapping and eliminate the need for stand-by recovery clusters when restoring in Amazon AWS.

VMblog:  Ransomware is a threat for organizations of all sizes today. Is that why new security posture review features were part of this update of CloudCasa?

Sankaran:  That certainly played into it. Ransomware and malware have been on everyone's minds, not to mention in the news, for the past couple of years. But they really just help to illustrate the need for an improved security posture, in general. Kubernetes environments are very complex, and it can be all too easy for a small and easily overlooked misconfiguration to open a system up to attack. In fact, it is estimated that a staggering 69% of security incidents in Kubernetes are due to misconfigurations and almost three-fourths of containers in production carry a patchable vulnerability.  Hence the need for tools to assist with security posture review.

As a data protection company, we've been promoting the concept of cyber-resilience. NIST defines cyber-resilience as "The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Cyber resiliency is intended to enable mission or business objectives that depend on cyber resources to be achieved in a contested cyber environment." Their definition tends toward opaque military terminology, but "in a contested cyber environment" means when your infrastructure is under attack. And recently IT infrastructure is under constant attack, be it from isolated actors, ransomware gangs, or groups associated with hostile nation states.

Backups, of course, are absolutely critical for cyber resilience. But there is more to it than that. We saw that our customers were also struggling with trying to assure that their Kubernetes configurations were secure. There are so many tools out there that claim to help with this that choosing the right combination to provide even some basic assurances can take more time than many developers and devops teams have to spare. So, we decided to help by providing a curated collection of configuration scanning tools as part of our service. Even for free users.

VMblog:  Is CloudCasa becoming a player in the Kubernetes and cloud security space?

Sankaran:  Security has always been about building layers of protection. We don't intend for CloudCasa to be an end-to-end security solution, but we think it will help keep many of our customers from finding themselves in the position where they need to restore because of a configuration-related breach. And while we are happy to be their reliable last line of defense, we hate to see them dealing with downtime. When you are backing up to the cloud, there is also a huge financial incentive to avoid egress charges for us as well as our customers. When it comes to cyber-attacks, prevention is truly better than the cure and we are happy to be proactive and be an additional layer of protection for our customers.

VMblog:  This version of CloudCasa includes cross-cluster and cross-cloud restores. Why are these important for customers?

Sankaran:  Restores are no longer an activity performed only under duress and disaster recovery. Since many Kubernetes users are dealing with digital transformation at a pace never seen before, we are seeing restores being utilized regularly to aid migration, accelerating test and dev and to maintain well segregated production and non-production environments. These recoveries are happening not just across clusters, but also regions, cloud accounts and even cloud providers.

VMblog:  Is there anything different in how CloudCasa approaches migrations?

Sankaran:  Yes. Imagine a customer is trying to restore from an EKS cluster maintained by an offshore team in region 1 to another EKS cluster in production in region 2. Today, the user cannot kick off a restore until the recovery cluster has been set up and configured first. They have to:

  1. Create and set up a recovery cluster similar to that of the backed-up cluster.
  2. Install a backup agent (Velero or anyone else's) on that cluster.
  3. Reconfigure the S3 backup bucket to be seen by the new cluster in a new region and account.
  4. Configure the backup agent to use these cloud credentials and test connectivity.
  5. Run the restore and watch with bated breath while data moves across regions.
  6. Deal with storage class remapping, PV provisioning, namespace mapping, and disparate IAM privileges before the restored data becomes accessible.

This process is eerily similar to server recovery before bare metal recovery was invented 20 years ago. This is where we are applying our 20+ years of data protection experience to solve for Kubernetes. We spin up an EKS cluster during recovery, apply the EKS configuration from backup, guide you through recovery, and perform mapping of namespaces, storage classes, IAM etc. We also allow you to save this as a policy so that you can run it as many times as you need for a repeatable and consistent outcome.  


VMblog:  Overall, as CloudCasa addresses data protection and disaster recovery with Kubernetes, do you still see unique opportunities and challenges in this segment?

Sankaran:  Definitely. Traditional data protection vendors struggle to deal with an architecture where ephemeral is a core feature. They struggle with scaling alongside Kubernetes. They struggle with the auto-healing shape-shifting nature of Kubernetes. Most are not Kubernetes-native and struggle with environmental awareness - whether it is the applications on Kubernetes, or the hosting cloud provider, or the adjacent workloads like RDS. The incumbent backup players are also struggling with a change in target user persona (developers and DevOps) as well as product acquisition channels (marketplaces and SaaS sign-ups).

All of these are opportunities for us to get it right.


VMblog:  What's on the horizon for CloudCasa and Catalogic Software?

Sankaran:  As a company, we are trying to be proactive about preventing cyberattacks for all our customers. Both our Data Protection product DPX and our SaaS service CloudCasa are adding capabilities that enhance our customers' security posture.

And of course, our job is to follow the data. With more of our customers' data moving to Cloud and Containers, we will continue to enhance our support for more data types, integrate with more cloud providers, and give our users greater insight and control on our CloudCasa platform.


Published Thursday, February 10, 2022 7:31 AM by David Marshall