Why containers are susceptible to ransomware and what to do about it
- Details
- Published: Thursday, 04 May 2023 09:25
What are the key vulnerabilities that make containers susceptible to ransomware attacks and how can organizations effectively mitigate these weaknesses? Anthony Dutra looks at these questions.
With the demand for data being higher than ever, vulnerabilities and risks to data integrity are increasing - particularly for organizations that are refactoring their applications for Kubernetes. As attacks continue to rise exponentially, organizations need to come to terms with the fact that no application is safe from ransomware.
Though Kubernetes and containers allow for a variety of benefits, including the refactoring of key legacy applications, those adopting these containers often quickly realise that data protection and security concerns are a significant challenge for operations - with the security risks they pose proving to be a stumbling block for organizations.
When it comes to ensuring that containerized applications are protected against ransomware and other potential security threats, those responsible for refactoring applications should specifically be addressing the top container security risks by both working with native features and seeking out necessary integrations.
Pods open entry points for malicious actors
Refactored containerized applications often originate from legacy code and are typically already running on bare metal servers or virtual machines. However, the process of refactoring is not without challenges, as it may require modifications to existing application elements to support containerization. This can hinder organizations from fully realising the anticipated benefits of containerization, particularly in terms of improved security, which is often cited as a key objective.
These challenges can have a significant impact on security in various ways. For instance, Pods are critical components of Kubernetes deployments, responsible for hosting containers for each application process. Each Pod is assigned its own IP address and can communicate directly with other Pods. However, the recommended practice is to use Services, which are sets of Pods accessible through a single, fixed DNS name or IP address. Many applications on Kubernetes rely on Services for communication, which can potentially expose access to the Pod or cause networking issues within the cluster due to frequent restarts. This can inadvertently create a vulnerability that bad actors could exploit as an entry point into the system.
Another cause of concern arises from supply chain attacks. As containerized applications are designed for automation, especially when updating code, some Kubernetes implementations may continue to pull the latest application Pod without verifying updates or potential vulnerabilities, further adding to the risk factor.
Minimising downtime, disruption, and attacks
Protecting against attacks on container infrastructure starts with identifying which applications need to be refactored and how its data will be integrated. With this foundation in place, security and recovery solutions can be deployed to address the primary container risks. This can be done by working with native features or integrating with a broader data protection platform. This will enable organizations to minimise the risk of malware, ransomware and other threats, thus maximising uptime and minimising disruption.
To achieve comprehensive protection, organizations need to carefully consider their choice of data protection technologies. Opting for a native solution can ensure that data protection is integrated as a foundational element of a container-centric strategy. By adopting this approach, development and security teams can have confidence in their ability to deliver robust protection and resilience, while also leveraging the inherent performance and agility. This ensures that all stakeholders can benefit from the advantages offered by containerization, while also ensuring that data remains safeguarded throughout the application lifecycle.
The benefits of CDP-as-Code
Organizations also need a comprehensive solution to ensure the security of their legacy and containerized applications at every stage of the supply chain, including during the refactoring process and beyond. What’s needed is a solution designed to safeguard cloud-native applications built on containers. One that follows a ‘data protection as code’ strategy, integrating backup and disaster recovery operations into the application development lifecycle right from the start. This means that applications are protected from the moment they are created.
As more enterprises adopt containers and Kubernetes architectures for their applications, the reliance on microservices requires a robust data protection strategy. Continuous data protection (CDP) ensures that your data protection strategy can keep up with the fast-paced world of containers, providing real-time protection against data loss.
True protection goes beyond just persistent data. It is essential to be able to safeguard, move, and recover a containerized application as a consistent entity, including all associated Kubernetes objects and metadata. This demands comprehensive protection for not only the persistent volumes of your applications but also their associated entities, ensuring complete coverage for your containerized applications.
Such a solution will ensure that your legacy and containerized applications are continuously protected throughout the supply chain, including during the refactoring process and beyond. A data protection as code approach and support for continuous data protection enable you to keep up with the dynamic nature of containers and Kubernetes, ensuring the security and resilience of your applications in today's rapidly evolving IT landscape.
The author
Anthony Dutra is Technical Marketing Engineer at Zerto, a Hewlett-Packard Enterprise company.
