This week, Catalogic Software announced the general availability of the next major feature release for its cloud native back-up-as-a-service platform CloudCasa.
To find out more, VMblog reached out to Sathya Sankaran, COO of Catalogic.
VMblog: For those not familiar with your offering, let's start
with what is CloudCasa?
Sathya Sankaran: CloudCasa is a powerful cyber-resilient backup service built
for protecting Kubernetes, cloud databases, and cloud native applications. As a
SaaS solution, CloudCasa removes the complexity of managing traditional backup
infrastructure, while providing the same level of application consistent data
protection and disaster recovery that more traditional backup solutions provide
for server-based applications. Many recoveries these days are a result of cyber-attacks,
and our SaaS model provides a logical airgap for our customers and enhances
their cyber-resilience.
VMblog: CloudCasa is specifically designed for Kubernetes and
container environments. How complex is it to administer when cloud and
application infrastructure is now part of configuration data?
Sankaran: When it comes to Kubernetes, simple is very hard. The
platform is built on the premise of providing developers greater control,
flexibility and elasticity. That is only possible by exposing more moving parts
to the outside world. It is akin to carrying Formula 1 race car controls in
your Ford Explorer.
When it comes to data protection, there is a strong
willingness to automate all things related to backups. But users still yearn
for a guided recovery process instead of fumbling around with YAML files, cloud
configurations and standby clusters. This is why we've invested heavily into
enabling cross-cluster, cross-region and cross-account migrations and
recoveries. We handle storage class
mapping, provisioning of new PVs, and namespace mapping across all clouds, and
we additionally perform IAM mapping and eliminate the need for stand-by recovery
clusters when restoring in Amazon AWS.
VMblog: Ransomware is a threat for organizations of all sizes
today. Is that why new security posture review features were part of this
update of CloudCasa?
Sankaran: That certainly played into it. Ransomware and malware have
been on everyone's minds, not to mention in the news, for the past couple of
years. But they really just help to illustrate the need for an improved
security posture, in general. Kubernetes environments are very complex, and it
can be all too easy for a small and easily overlooked misconfiguration to open a
system up to attack. In fact, it is estimated that a staggering 69% of security
incidents in Kubernetes are due to misconfigurations and almost three-fourths
of containers in production carry a patchable vulnerability. Hence the need for tools to assist with security
posture review.
As a data protection company, we've been promoting the
concept of cyber-resilience. NIST defines cyber-resilience as "The ability to
anticipate, withstand, recover from, and adapt to adverse conditions, stresses,
attacks, or compromises on systems that use or are enabled by cyber resources.
Cyber resiliency is intended to enable mission or business objectives that
depend on cyber resources to be achieved in a contested cyber environment."
Their definition tends toward opaque military terminology, but "in a contested
cyber environment" means when your infrastructure is under attack. And recently
IT infrastructure is under constant attack, be it from isolated actors,
ransomware gangs, or groups associated with hostile nation states.
Backups, of course, are absolutely critical for cyber
resilience. But there is more to it than that. We saw that our customers were
also struggling with trying to assure that their Kubernetes configurations were
secure. There are so many tools out there that claim to help with this that
choosing the right combination to provide even some basic assurances can take
more time than many developers and devops teams have to spare. So, we decided
to help by providing a curated collection of configuration scanning tools as part
of our service. Even for free users.
VMblog: Is CloudCasa becoming a player in the Kubernetes and cloud
security space?
Sankaran: Security has always been about building layers of
protection. We don't intend for CloudCasa to be an end-to-end security
solution, but we think it will help keep many of our customers from finding
themselves in the position where they need to restore because of a
configuration-related breach. And while we are happy to be their reliable last line of defense, we hate to see them dealing with downtime. When you are
backing up to the cloud, there is also a huge financial incentive to avoid
egress charges for us as well as our customers. When it comes to cyber-attacks,
prevention is truly better than the cure and we are happy to be proactive and
be an additional layer of protection for our customers.
VMblog: This version of CloudCasa includes cross-cluster and
cross-cloud restores. Why are these important for customers?
Sankaran: Restores are no longer an activity performed only under duress and disaster recovery. Since
many Kubernetes users are dealing with digital transformation at a pace never
seen before, we are seeing restores being utilized regularly to aid migration, accelerating
test and dev and to maintain well segregated production and non-production
environments. These recoveries are happening not just across clusters, but also
regions, cloud accounts and even cloud providers.
VMblog: Is there anything different in how CloudCasa approaches
migrations?
Sankaran: Yes. Imagine a customer is trying to restore from an EKS
cluster maintained by an offshore team in region 1 to another EKS cluster in
production in region 2. Today, the user cannot kick off a restore until the
recovery cluster has been setup and configured first. They have to:
- Create and setup a recovery cluster similar to
that of the backed-up cluster.
- Install backup agent (Velero or anyone else's)
on that cluster.
- Reconfigure the s3 backup bucket to be seen by
the new cluster in a new region and account.
- Configure the backup agent to use these cloud
credentials and test connectivity.
- Run restore and watch with bated breath while
data moves across region.
- Deal with storage class remapping, PV
provisioning, namespace mapping, and disparate IAM privileges before the
restored data becomes accessible.
This process is eerily similar to server recovery before bare
metal recovery was invented 20 years ago. This is where we are applying our 20+
years of data protection experience to solve for Kubernetes. We spin up an EKS
cluster during recovery, apply the EKS configuration from backup, guide you
through recovery, and perform mapping of namespaces, storage classes, IAM etc. We also allow you to save this as a policy so that you can run it as many times as
you need for a repeatable and consistent outcome.
VMblog: Overall, as CloudCasa addresses data protection and disaster
recovery with the Kubernetes, do you still see unique opportunities and
challenges in this segment?
Sankaran: Definitely. Traditional data protection vendors struggle to
deal with an architecture where ephemeral is a core feature. They struggle with
scaling alongside Kubernetes. They struggle with the auto-healing shape-shifting
nature of Kubernetes. Most are not Kubernetes-native and struggle with
environmental awareness - whether it is the applications on Kubernetes, or the
hosting cloud provider, or the adjacent workloads like RDS. The incumbent
backup players are also struggling with a change in target user persona (developers
and DevOps) as well as product acquisition channels (marketplaces and SaaS sign-ups).
All of these are opportunities for us to get it right.
VMblog: What's on the horizon for CloudCasa and Catalogic Software?
Sankaran: As a company, we are trying to be proactive about preventing
cyberattacks for all our customers. Both our Data Protection product DPX and
our SaaS service CloudCasa are adding capabilities that enhance our customers'
security posture.
And of course, our job is to follow the data - With more of
our customers' data moving to Cloud and Containers, we will continue to enhance
our support for more data types, integrate with more cloud providers, and give
our users greater insight and control on our CloudCasa platform.
##