Kubernetes Data Management Platforms Combating the Rising Data Storage, Security, and Recovery Risks

11
NIRAJ TOLIA
Kubernetes Data Management Platforms Combating the Rising Data Storage, Security, and Recovery Risks

“While the persistent threat of ransomware and risk of failures will always be present, one needs to re-examine additional risk brought on using cloud-native platforms,” says Niraj Tolia, CEO and co-founder, Kasten, in an exclusive Hotseat Interview with IT Security Wire.

ITSW Bureau: How do enterprises get started with cloud-native backups in a cost-effective way?

Niraj Tolia: Cost-effectiveness for cloud-native backups today is only possible with deep integration into the container orchestration system, which is predominantly Kubernetes today. That allows the backup platform to understand the application and extract the smallest possible incremental change from the data. Second, the backup platform should primarily use object storage for the backup location (instead of the expensive disk) to further reduce costs. Finally, cloud-native backup platforms should be self-scaling and, to reduce runtime operational costs, reduce their footprint to a bare minimum when not in use.

Read Also Cloud Data Security – Several Enterprises Are at Risk Due to Unsupported Cloud Workloads

ITSW Bureau: How critical are storage backups in today’s risky environment?

Niraj Tolia: Storage backups are extremely critical for multiple reasons. While the persistent threat of ransomware and risk of failures will always be present, one needs to re-examine additional risk brought on using cloud-native platforms. With a strong emphasis on self-service, agility, and moving quickly, platforms such as Kubernetes have given control over infrastructure creation and destruction to the developer. This makes accidental data loss a far greater risk than in traditional VM-based platforms and has made the need for storage backups more important than ever.

ITSW Bureau: What is the difference between storage array snapshots and disaster backups in a cloud-native environment, and why should backups always be stored independent of my storage system?

Niraj Tolia: Storage array snapshots are critical for fast recovery when faced with accidental data outages. However, these snapshots are often tied to the lifecycle of the underlying disk volume and, if the volume gets deleted, the snapshots will disappear forever too. Backups are therefore always needed to be able to restore data for any form of data loss. However, even if a storage system offers “backups,” it should not be utilized as they do not provide fault isolation. Threats such as ransomware can often encrypt or delete these backups once they have access to the storage system. Failure of the storage system will often leave backups inaccessible too. While there are secondary issues such as increased cost, performance overhead, and management complexity, safety is the main reason driving our strong belief at Kasten that backup and disaster recovery should always be implemented independently of the primary storage system.

ITSW Bureau: Can object stores scale to meet performance targets not only during backups but also recovery?

Niraj Tolia: Yes, modern object storage systems can deliver extremely fast throughput and have significantly improved from the previous generation of object storage systems that were meant to be cheap and deep tiers. Today’s object storage systems are often built with either a combination of flash and disk or when higher performance is needed to be built completely of flash (e.g., Pure Storage systems with S3 APIs). We have benchmarked the performance of 100s of Gigabits per second of throughput with modern object storage systems.

Read Also Ransomware Surge – How Enterprises can successfully Augment their Cyber Resilience

ITSW Bureau: How can I automate my data protection tasks to ensure compliance in an environment where my data spans multiple locations?

Niraj Tolia: With the growth of not just multi-cloud but also deployments across multiple regions in the same cloud provider, it is critical to ensure compliance in multiple locations. The only reasonable way to do this is to use a backup platform that natively embeds into the infrastructure no matter where your applications might be running. This then has to be combined with portable data protection policies that are infrastructure independent and are baked into the application from the development cycle and can, at runtime, automatically determine what backup plan to follow to ensure that the application is protected.

ITSW Bureau: Why Kasten? What’s your strongest differentiation point?

Niraj Tolia: Kasten K10 is the leading data protection platform for Kubernetes today, and three main factors ensure our customers are protected from accidental or malicious data loss. These are ease of use, Kubernetes and application centricity, and security.

Kasten K10 makes Kubernetes backup and recovery extremely easy via a simple dashboard and a clean UX. This helps hide Kubernetes’ complexity and enables traditional system administrators to quickly come up to speed with managing cloud-native infrastructure.

Kasten K10 is the only system that is purpose-built to capture the entire application stack, a critical requirement in an application and developer-focused platform. Unlike legacy platforms built for VMs, its deep Kubernetes integration allows it to do so without requiring any application changes or weakening security.

Given the self-service nature of containerized platforms, Kasten K10 does not stop at end-to-end encryption but includes support for fine-grained RBAC, per-application encryption keys, KMS integration, multiple authentication options (OIDC, OAuth, Token, AD, etc.), and air-gapped support.

Niraj Tolia is the CEO and Co-Founder at Kasten and is interested in all things Kubernetes. He has played multiple roles in the past, including the Senior Director of Engineering for Dell EMC’s CloudBoost family of products and the VP of Engineering and Chief Architect at Maginatics (acquired by EMC). Niraj received his Ph.D., MS, and BS in Computer Engineering from Carnegie Mellon University.