Ransomware attacks were up 150% from 2019 to 2020 with the amount paid by victims increasing by more than 300%. There is no question that ransomware can be devastating to businesses of all sizes – the very recent and very prominent ransomware attack on the Colonial Oil Pipeline underscores the potential for disaster as attackers increasingly target key infrastructure, directly affecting consumers and enterprises. With ransomware attacks on the rise and payouts expected to exceed $20 billion this year, enterprise data protection is more critical than ever.
The accelerated adoption of containers and Kubernetes has increased with the impact of ransomware. Naturally, attackers are increasingly setting their sights on these environments, ripe for potential exploitation. While Kubernetes is not inherently insecure, common issues with overpermissioning during install, increasing numbers of known vulnerabilities, skipped updates, uninstalled software patches, and gaps in backup and recovery make Kubernetes deployments attractive attack vectors for malicious actors.
So what are the implications for containerized environments, especially as enterprises increasingly rely on Kubernetes applications to drive operational success? Taking weaknesses and possible points of failure into account will be critical to ensure that cloud-native systems are prepared for the ongoing threat of ransomware. While the goal is to prevent a ransomware attack from happening altogether, it’s just as important to plan for how to recover from one.
Here are three ways that IT and cyber security teams can ensure Kubernetes environments are secure and resilient in order to mitigate the threat of ransomware:
Invest in Proper Cloud Native Tooling
The first line of defense against any security threat is good cyber hygiene. This means ensuring that you have the right tooling in place to secure a cloud native environment – capabilities need to be microservices-centric, portable, and automatically managed. Because of rapid, continuous delivery of applications and services, security capabilities need to match the speed and scale of cloud-native development. Since endpoints and perimeter protection are no longer relevant because threats can come from any direction, organizations need to focus on security workloads and data centers instead. Detection becomes focused on runtime environments in real-time instead of static signatures. Most importantly, protection needs to be oriented around the entirety of an organization’s software stack, whether it’s cloud-only or hybrid.
The ideal cloud-native software stack combines the elements outlined above with a security mix that is scalable and responsive to the evolving needs of an enterprise. While cloud-native environments are quickly evolving, there are standard issue capabilities that can support the notion of “zero-trust,” where every application or service is considered a target for attackers, and should be considered. These include solutions that provide API security; authentication and identity/access management; data encryption; vulnerability management and automated software patching; Kubernetes-specific security capabilities, infrastructure as code security; and Kubernetes data protection via backup, disaster recovery and application mobility.
Backups are becoming increasingly critical to ransomware protection. To ensure they are effective, backups must enable immutability, create unique code paths, and have minimal permissions and privilege separation between object storage providers and encrypted backups. Protecting backups for maximum effectiveness and enabling seamless restores are part of a robust ransomware data protection strategy.
But enterprise IT and security teams should be aware of the different operating requirements for Kubernetes applications in contrast to legacy systems. Application state and configuration data are important for Kubernetes environments but have little relevance in legacy systems. Additionally, snapshots are unreliable for recovery and long-term data retention in Kubernetes because of potential data loss.
Application portability and scalability are other factors to consider in any robust Kubernetes backup solution. Cloud-native environments offer the most options in terms of portability and organizations must be able to take advantage of this across clusters, regions and diverse infrastructure to ensure effective restoration. Additionally, Kubernetes-based application requirements for scale have increased as a result of growing application components; ConfigMaps, secrets, etc., dynamic autoscaling (clusters and applications), and polyglot persistence (multiple databases used by a single cloud-native application) are all key components of a scalable solution that addresses this need. Accounting for the key differences between legacy, monolithic infrastructure and cloud-native environments will ensure that backups are sufficiently hardened to hedge against pressing threats like ransomware.
Ensure Recovery is Bulletproof- It’s the Last Line of Defense
Despite disaster planning, ransomware attacks do sometimes succeed. Recovery capabilities should be in place as an organization’s last line of defense. Ransomware attacks are not one-size-fits all and attackers work diligently to find the right targets. In the case of Kubernetes, an attack on a cluster may stem from something as “simple” as an overlooked, unauthenticated endpoint or an unpatched vulnerability. In the event of a successful attack, fast recovery via granular restores is essential to protecting sensitive data from being exploited and resuming business operations quickly.
Enterprise IT teams run and maintain thousands of applications across different locations using platforms like Kubernetes that enable automation – overseeing all of them manually is a task nearly beyond human capabilities. Solutions for recovery should also promote automation and integrate seamlessly into existing workflows just like the rest of the cloud native security stack.
As the threat of ransomware grows and attacks become more sophisticated, implementing the right procedures to prevent and recover from attacks is critical. Kubernetes is the unifying fabric of modern computing. Using it to mitigate the most pressing data threats in today’s risk landscape is one of the best defenses yet.