In Part 1, I discussed the ransomware threat and shared findings from a 2021 Ransomware Victims Report sponsored by Cloudian. As a quick reminder, the findings revealed: 1) ransomware attacks are hard to prevent, even when you’re prepared; 2) ransomware can penetrate quickly, significantly impacting an organization’s financials, operations, customers, employees and reputation; and 3) even if you pay the ransom, there are other related costs that can be significant (and it’s rare to get all your data back).
In this Part 2, I discuss why protecting containerized workloads has become essential for DevPros and how best to go about doing so.
Why Protecting Containers Is Now Business Critical
Today, DevPros are leveraging containers more than ever as this enables them to package an application and its dependencies into a distributable image that can run almost anywhere, streamlining development and deployment. With these capabilities in hand, DevPros can accelerate the delivery of innovative and disruptive software solutions and services that help to drive their organization’s agility and competitive advantage.
Container protection has traditionally not been viewed as a priority, as containers lived for a limited time and were stateless. However, modern containers are not only stateful but also produce and utilize data that is persistent and business-critical. Consequently, it has become crucial to back up these modern apps and associated data and protect them from ransomware to ensure business continuity.
So, what’s the solution?
How DevPros Can Best Protect Containers and Modern Apps
Today, DevOps teams increasingly depend upon containers and modern apps that are cloud-native, enabling them to leverage the distributed computing advantages provided by the cloud delivery model, such as scale, agility and resiliency. And because today’s containers and modern apps are cloud-native, they likewise require cloud-native storage and data protection. The ideal storage platform should deliver enterprise-grade S3-compatibility and integrate seamlessly with orchestration systems such as Kubernetes as well as cloud-native backup systems. It should also provide robust ransomware protection.
As discussed in Part 1, traditional security defenses are increasingly ineffective in preventing ransomware from penetrating an organization. Therefore, it is critical for DevPros to adopt additional measures to protect their application data, namely having an immutable data backup and encrypting data.
- Immutability – Ransomware often does its dirty work by encrypting stored data. The malware overwrites the original, unencrypted copy, and the attacker then demands a ransom in exchange for the decryption key. With an immutable data backup, the data is protected. Cybercriminals cannot overwrite or delete the original data, enabling quick recovery of an unaltered copy in the event of a ransomware attack without having to pay the ransom. In fact, Gartner has stated that “having an immutable copy of the backup is the most important item to start protecting backup data” from ransomware.* Immutability can be achieved through a feature called Object Lock, which is supported by leading enterprise storage platforms and makes immutability part of an automated workflow. Because Object Lock leverages the industry-standard S3 API, there are a variety of storage vendors, data protection vendors and cloud providers that offer it. However, DevPros should look for vendors in which storage is further hardened through secure shell and disabled root access, which secures the solution at the system level and makes it tamper-proof, even by a rogue administrator.
- Encryption – Another common attack vector is for hackers to download company data and then threaten to make it public. To protect against this, data should be encrypted both in transit and at rest. Encryption converts data into encoded information called ciphertext, which can only be decoded with a unique decryption key generated either at the time of encryption or beforehand. Without the corresponding decryption key, cybercriminals can’t read or release the data in a form that’s intelligible. For data encryption in-flight, DevPros should look for storage systems that provide Server-side Encryption (SSE), Amazon Web Services Key Management Service (AWS KMS), OASIS Key Management Interoperability Protocol (KMIP) and Transport Layer Security / Secure Sockets Layer (TLS/SSL). To protect stored data, it is best to employ AES-256 encryption, the specification established by the U.S. National Institute of Standards and Technology (NIST), using a system-generated encryption key (regular SSE) or a customer-provided and managed encryption key (SSE-C).
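To make the two measures above checkable, here is an added example (not from the original article or any vendor's code) that audits a backup bucket's settings for Object Lock immutability and default encryption at rest. The function name, the 30-day minimum retention and the sample responses are assumptions constructed for illustration; the dictionaries follow the S3 API response shapes for object lock, versioning and bucket encryption.

```python
# Added example. The dicts mirror the S3 API response shapes of
# GetObjectLockConfiguration, GetBucketVersioning and GetBucketEncryption.
# All sample values are constructed; min_days=30 is an assumed policy floor.

def audit_backup_bucket(lock_cfg, versioning, encryption, min_days=30):
    """Return a list of findings; an empty list means the bucket passes."""
    findings = []
    # Object Lock requires versioning: locks apply to object versions.
    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled")
    cfg = lock_cfg.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        findings.append("Object Lock is not enabled")
    else:
        retention = cfg.get("Rule", {}).get("DefaultRetention")
        if not retention:
            findings.append("no default retention: only writes that set one are locked")
        else:
            # GOVERNANCE can be lifted by a principal holding
            # s3:BypassGovernanceRetention; COMPLIANCE cannot be shortened or removed.
            if retention.get("Mode") != "COMPLIANCE":
                findings.append("retention mode is not COMPLIANCE")
            days = retention.get("Days", 0) + 365 * retention.get("Years", 0)
            if days < min_days:
                findings.append(f"default retention {days}d is below {min_days}d")
    # Encryption at rest: a default SSE rule (AES-256 or a KMS key).
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in rules}
    if not algos & {"AES256", "aws:kms"}:
        findings.append("no default server-side encryption")
    return findings

# Constructed sample responses (an empty dict stands for "no configuration").
VERSIONED = {"Status": "Enabled"}
SSE_AES = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}

def lock(mode, days):
    return {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
            "Rule": {"DefaultRetention": {"Mode": mode, "Days": days}}}}

HARDENED = audit_backup_bucket(lock("COMPLIANCE", 30), VERSIONED, SSE_AES)
WEAK = audit_backup_bucket(lock("GOVERNANCE", 7), VERSIONED, {})
UNLOCKED = audit_backup_bucket({}, {"Status": "Suspended"}, SSE_AES)

if __name__ == "__main__":
    for name, result in (("hardened", HARDENED), ("weak", WEAK), ("unlocked", UNLOCKED)):
        print(name, result or "OK")
```

The check covers bucket-level defaults only; SSE-C keys are supplied per request and do not appear in a bucket's default encryption rule.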
By employing data immutability and encryption, DevPros can ensure access to their applications and data with minimal disruption in the event of a ransomware attack. In addition, by eliminating the need to pay the ransom, they are not only spared the financial pain imposed by an attack but also help break the cycle of ransomware payments funding further attacks.