Get your sK8s on — top tips for Kubernetes and container data protection

Core business applications are increasingly reliant on containers, meaning demand for data protection and backup using Kubernetes is increasing. Fred Lherault, field CTO, EMEA, Pure Storage asks if your container data protection strategy up to scratch?

The events of the last 18-odd months have forced IT teams to reevaluate much of their estate and how they operate. One key technology area that has seen real growth is Kubernetes. A survey by Portworx found that 68% of IT professionals said they increased their usage of Kubernetes as a result of the pandemic, primarily to accelerate their deployment of new applications and increase their use of automation — both of which are critical to meeting customers and employees where they are today.

Why is this? Due to their elegant concept, the use of containers and Kubernetes enables a more ambitious use of computing resources. Another advantage of containers is that no matter where they are running, they will always run the same way, whether on a laptop, an on-premises server, a public cloud, on Linux or Windows. Indeed, 95% of new apps are now developed in containers.

However, this recent surge has taken place against the backdrop of an increased threat landscape — ransomware attacks globally increased by 151% in the first six months of 2021. When it comes to business-critical data held in containers and Kubernetes, steps need to be taken to prepare for rapid recovery that avoids downtime, poor customer experience, or incurring SLA penalties. But it’s important to remember that data protection is different when it comes to containers and Kubernetes.

Traditional backup solutions struggle with Kubernetes

Conventional server-based data protection methods are not scalable to the extent required for Kubernetes. According to a survey by ESG, 75% wrongly believe that containers can be secured in the same way as traditional applications, even if some existing backup solutions promise Kubernetes support.

Backups are traditionally aimed at one server or one VM. This doesn’t work for containers, since they run in a distributed manner, often over several servers with different storage targets. Many conventional backup software solutions also pre-date Kubernetes, and therefore don’t support key concepts such as “namespaces” and configuration.

When choosing a modern Kubernetes data protection solution, you must make sure it supports hybrid and multi-cloud environments, bridging on-prem and different cloud operators. It should also cover various backend storage systems, such as local hard disks, enterprise arrays, flash arrays and cloud storage, but also have the ability to restore in different Kubernetes environments. Unfortunately, addressing all of these at once quickly tests the capabilities of conventional backup solutions.

Containers require a completely different data protection approach

Securing business-critical Kubernetes applications in highly dynamic environments requires a completely different approach that has container granularity, comprehensive Kubernetes support and is multi-cloud capable. A modern platform for Kubernetes data services needs to be designed from the outset for these complex environments. It needs to work on a container-granular basis, is namespace-capable and application-consistent. It must also enable data and application configurations to be backed up and be optimized for a multi-cloud world.

This data protection platform should offer granular, role-based access controls that can be integrated with in-house authentication systems such as LDAP and Active Directory to enable a secure self-service experience. Users and user groups can be assigned to specific roles, while administrators can control the authorizations and the level of user access. It should also provide administrators with informative dashboards, which not only show the backup status of the applications, but also make things like namespaces and labels visible to simplify management. Ideally, the data protection platform should also enable self-service backups and restores to give developers the ability to test new features and roll back to a previous point in time without involving administrators.

Integration and cross compatibility with the core hyperscalers, such as Microsoft Azure, Google Cloud Platform, Amazon Web Services and VMware Tanzu, are also critical. Native CSI integration can then be used to secure applications that run on these and other CSI-supported platforms.

Comprehensive data protection technology for Kubernetes

Containerized applications are becoming increasingly important for enabling modern data and applications. In tandem, with its easy scalability, portability and fast iteration cycle, Kubernetes is also particularly effective for enabling rapid developments and innovations. To ensure that these key building blocks of modern infrastructure aren’t left exposed, IT leaders need to make sure they’re taking the appropriate data protection strategy, and one that is able to move configuration information and make sure that Kubernetes can seamlessly start up your apps in the new environment.

Once in place, it will allow organizations to confidently and securely take advantage of containers, so they can decrease their time to market for software projects, reduce infrastructure costs, and increase software quality, helping them to stay ahead in today’s competitive world.