If you want to secure Kubernetes, you have to be strong in the multi-cloud and in cyber resilience.
Many companies now rely on Kubernetes, and container orchestration has become mainstream. How is this particular kind of workload best secured? By doing justice to its special character and by mastering the multi-cloud.
The advantages of Kubernetes for developers are enormous: they can quickly roll out lean, dynamic, web-enabled applications. Open-source container orchestration tools such as Kubernetes let them break monolithic applications into smaller, independent microservices and run that software reliably across computing platforms. New workloads can be brought into the IT environment at a much faster pace, even when they draw on legacy, private cloud and public cloud resources in complex multi-cloud scenarios.
If you want to secure Kubernetes workloads in this dynamic structure, you have to master the multi-cloud perfectly.
No more silos
By definition, data in a multi-cloud is distributed across many storage locations, and Kubernetes is designed for exactly these scenarios. IT teams have to invest a great deal of time and resources to manage this patchwork of proprietary, isolated data islands properly. The resulting lack of an overall picture causes a number of glaring problems, which grow with the volume of data and with the number of regulations such as GDPR or NIS2 that apply to it. It quickly becomes impossible to know whether data is held redundantly, whether critical personal data is stored in risky locations, or whether it has been included in the backup plan at all.
A company can try to get these data islands under control with processes and point solutions, but then has to deal with excessive infrastructure and operating costs, a lack of integration between products, and complex architectures. It is questionable whether all data in such a fragmented environment is protected against ransomware, and whether essential tasks such as rapid recovery can be carried out at the speed and quality needed to keep the business running.
These problems can, however, be addressed by consolidating the distributed workloads on a hyper-converged platform that scales easily and strictly follows the zero-trust security model. Locally held data sits on immutable storage and is encrypted both at rest and in transit. Access is only possible after authenticating with multi-factor authentication and being authorised through role-based access control, and IT managers reach all workloads through a single console. The Kubernetes components are maintained in the same way: roles and rules determine which resources an IT manager actually sees in that console. Important configuration changes and deletions are additionally protected by a quorum process. If, for example, an IT manager wants to change critical settings, the other responsible persons are notified in the background and asked whether they approve the operation, and the change only goes ahead once enough of them have done so. This is intended to protect highly sensitive areas from manipulation: integrity is preserved, and the value of the data is understood.
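The quorum step described above, as an added illustration in Python (this is not Cohesity's code or configuration, and the product's actual workflow may differ): a destructive operation is held until a policy-defined number of distinct, MFA-verified approvers holding a permitted role have confirmed it; the requester cannot approve their own request, a second vote by the same person does not count, and approvals expire. The role names, operations, thresholds, principals and the four-hour window are constructed assumptions.

```python
"""Quorum-gated approval for critical operations (added example, hypothetical policy)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Hypothetical policy: which roles may approve each critical operation and how
# many distinct approvals are needed. All values are assumptions for illustration.
APPROVER_ROLES = {
    "delete_backup": {"backup_admin", "security_lead"},
    "change_retention": {"backup_admin", "security_lead"},
    "disable_immutability": {"security_lead"},
}
REQUIRED_APPROVALS = {"delete_backup": 2, "change_retention": 1, "disable_immutability": 2}
APPROVAL_WINDOW = timedelta(hours=4)  # stale approvals must not carry a request through later
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # fixed clock for the demo


class QuorumError(Exception):
    """Raised when a request, approval or execution violates the policy."""


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset
    mfa_verified: bool  # would be set by the authentication layer; assumed here


@dataclass
class ChangeRequest:
    operation: str
    target: str
    requester: Principal
    created_at: datetime
    approvals: dict = field(default_factory=dict)  # approver name -> time; one vote per person


def request_change(operation, target, requester, now):
    if operation not in REQUIRED_APPROVALS:
        raise QuorumError(f"unknown operation {operation!r}")
    if not requester.mfa_verified:
        raise QuorumError(f"{requester.name}: MFA required before requesting")
    return ChangeRequest(operation, target, requester, now)


def approve(req, approver, now):
    """Record one approval and return the current number of distinct approvers."""
    if not approver.mfa_verified:
        raise QuorumError(f"{approver.name}: MFA required before approving")
    if approver.name == req.requester.name:
        raise QuorumError("requester cannot approve their own request")
    if not approver.roles & APPROVER_ROLES[req.operation]:
        raise QuorumError(f"{approver.name}: not permitted to approve {req.operation}")
    if now - req.created_at > APPROVAL_WINDOW:
        raise QuorumError("request expired; open a new one")
    req.approvals[approver.name] = now  # dict key = person, so repeat votes do not add up
    return len(req.approvals)


def is_authorised(req, now):
    if now - req.created_at > APPROVAL_WINDOW:
        return False
    return len(req.approvals) >= REQUIRED_APPROVALS[req.operation]


def execute(req, now):
    """Only here would the platform actually perform the destructive operation."""
    if not is_authorised(req, now):
        raise QuorumError(f"{req.operation} on {req.target}: quorum not reached")
    return f"{req.operation} on {req.target} approved by {sorted(req.approvals)}"


def run_demo():
    """Walk through the flow with constructed principals; returns the outcomes."""
    alice = Principal("alice", frozenset({"backup_admin"}), mfa_verified=True)
    bob = Principal("bob", frozenset({"backup_admin"}), mfa_verified=True)
    carol = Principal("carol", frozenset({"security_lead"}), mfa_verified=True)
    dave = Principal("dave", frozenset({"viewer"}), mfa_verified=True)
    req = request_change("delete_backup", "prod-cluster-etcd-snapshots", alice, T0)
    rejected = []
    for who in (alice, dave):  # self-approval and an unqualified role are refused
        try:
            approve(req, who, T0)
        except QuorumError as e:
            rejected.append(str(e))
    approve(req, bob, T0 + timedelta(minutes=5))
    approve(req, bob, T0 + timedelta(minutes=6))  # second vote by the same person does not count
    before_quorum = is_authorised(req, T0 + timedelta(minutes=6))
    approve(req, carol, T0 + timedelta(minutes=20))
    result = execute(req, T0 + timedelta(minutes=21))
    return {"rejected": rejected, "before_quorum": before_quorum,
            "approver_count": len(req.approvals), "result": result}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The design point is that the gate sits in front of the operation itself, not in the user interface: a compromised administrator account, even one with the right role and a valid MFA session, cannot delete backups or switch off immutability alone, and an approval collected earlier cannot be replayed after the window closes.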
Respond to successful attacks
Even the best defence strategy can fail. If a ransomware or wiper attack succeeds, it is as if the lights had gone out across the company. In an emergency nothing works any more: no phone, no email, no door access, let alone the website. The IT teams under the CIO and CISO cannot even respond to the attack, because all the security tools are offline and the evidence in logs and on the systems has been encrypted. Nobody can call their team together, because VoIP is down.
With a data management platform, however, the infrastructure and security teams can jointly establish an isolated cleanroom that holds an emergency set of tools together with system and production data, including the Kubernetes backups. In this cleanroom the IT teams can stand up an emergency operation of the entire IT estate. It contains all the important tools the security teams need to begin the essential incident response process, which in turn is what produces correct and meaningful reports for NIS2, DORA and GDPR breaches. From the cleanroom, the production environment, Kubernetes included, can be restored step by step on hardened, clean systems in close coordination with the infrastructure teams.
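Two checks a practitioner would want in front of that staged restore, as an added Python illustration (not Cohesity's code; how the product itself validates backups is not described on this page): first, the copy of the Kubernetes backup brought into the cleanroom is compared against the digest recorded when it was written to immutable storage, so a bundle the attacker tampered with is refused outright; second, every workload manifest is screened for settings that should not go back into production (host namespaces, hostPath mounts, privileged containers, unpinned images) and quarantined for review instead of being re-applied. Manifests are handled as JSON, which Kubernetes accepts alongside YAML, so only the standard library is needed. The sample bundle, the names in it and the "recorded digest" standing in for the immutable record are all constructed.

```python
"""Cleanroom restore gate for a Kubernetes backup bundle (added example, constructed data)."""
import hashlib
import hmac
import json


def bundle_digest(bundle_bytes):
    """SHA-256 of the backup bundle as it was written to immutable storage."""
    return hashlib.sha256(bundle_bytes).hexdigest()


def verify_integrity(bundle_bytes, recorded_digest):
    """True only if the copy in the cleanroom matches the digest on record."""
    return hmac.compare_digest(bundle_digest(bundle_bytes), recorded_digest)


def _pod_spec(manifest):
    """Return the pod spec embedded in a workload manifest, or None for non-workloads."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest.get("spec", {})
    if kind in ("Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"):
        return manifest.get("spec", {}).get("template", {}).get("spec", {})
    return None


def screen_manifest(manifest):
    """List hardening findings for one manifest; an empty list means it may be re-applied."""
    findings = []
    spec = _pod_spec(manifest)
    if spec is None:
        return findings
    label = f"{manifest.get('kind')}/{manifest.get('metadata', {}).get('name')}"
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append(f"{label}: {flag}=true")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"{label}: hostPath volume {vol['hostPath'].get('path')}")
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{label}: container {c.get('name')} runs privileged")
        image = c.get("image", "")
        # Pinned by digest is best; a mutable or missing tag means "whatever is in the registry now".
        if "@sha256:" not in image and (":" not in image or image.endswith(":latest")):
            findings.append(f"{label}: container {c.get('name')} image {image!r} is not pinned")
    return findings


def restore_plan(bundle_bytes, recorded_digest):
    """Decide what may leave the cleanroom. An integrity failure blocks everything."""
    if not verify_integrity(bundle_bytes, recorded_digest):
        return {"ok": False, "reason": "bundle digest mismatch", "clean": [], "quarantined": []}
    clean, quarantined = [], []
    for manifest in json.loads(bundle_bytes):
        findings = screen_manifest(manifest)
        if findings:
            quarantined.append({"manifest": manifest, "findings": findings})
        else:
            clean.append(manifest)
    return {"ok": True, "reason": "", "clean": clean, "quarantined": quarantined}


# Constructed sample of what a small cluster backup might contain (all names made up).
SAMPLE_MANIFESTS = [
    {"apiVersion": "apps/v1", "kind": "Deployment",
     "metadata": {"name": "web-frontend", "namespace": "shop"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "web", "image": "registry.example/shop/web@sha256:" + "a" * 64,
          "securityContext": {"privileged": False, "allowPrivilegeEscalation": False}}]}}}},
    {"apiVersion": "v1", "kind": "ConfigMap",
     "metadata": {"name": "app-config", "namespace": "shop"},
     "data": {"LOG_LEVEL": "info"}},
    {"apiVersion": "apps/v1", "kind": "DaemonSet",
     "metadata": {"name": "node-helper", "namespace": "kube-system"},
     "spec": {"template": {"spec": {
         "hostPID": True,
         "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
         "containers": [{"name": "helper", "image": "docker.io/library/busybox:latest",
                         "securityContext": {"privileged": True}}]}}}},
]
SAMPLE_BUNDLE = json.dumps(SAMPLE_MANIFESTS, sort_keys=True).encode()
# Stands in for the digest written to the immutable record at backup time.
RECORDED_DIGEST = bundle_digest(SAMPLE_BUNDLE)

if __name__ == "__main__":
    plan = restore_plan(SAMPLE_BUNDLE, RECORDED_DIGEST)
    print("integrity ok:", plan["ok"])
    for m in plan["clean"]:
        print("restore:", m["kind"], m["metadata"]["name"])
    for q in plan["quarantined"]:
        print("quarantine:", *q["findings"], sep="\n  ")
```

The point of the two-stage gate is that "restore from backup" is not automatically "restore to a clean state": a backup taken after the intruder arrived faithfully preserves whatever they deployed, so the manifests that reach the hardened production environment have to earn their way out of the cleanroom one by one.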
Doing justice to the character of Kubernetes
Companies can secure their container environment with a Data Cloud Platform, because the platform offers the same reliability and flexibility for Kubernetes-based workloads as for every other business-critical workload in the multi-cloud.
One thing is clear: the number of workloads will keep growing, and the application landscape in companies is becoming ever more diverse. It is therefore crucial that backup and recovery for all workloads can be carried out in the same way, through the same console, under the same rules. That lets processes vital to the company run as efficiently as possible while an attack is under way. But that is not enough. It is just as important to give the infrastructure and security teams a secure space in which they can respond to the attack together and return data and systems to production in hardened form, whatever the workload.
Pascal Brunner is Director Field Strategy, EMEA and APJ at Cohesity