How prepared are organizations to face a ransomware attack on Kubernetes?

Veritas Technologies announced the results of a new study revealing that the majority of organizations are underprepared to face threats against their Kubernetes environments.

Kubernetes environments threats

Kubernetes is being rapidly deployed into mission-critical environments in organizations around the world, the research showed, with 86% of organizations expecting to deploy the technology in the next two to three years, and one-third already relying on it today. However, just 33% of organizations who have deployed Kubernetes so far have tools in place to protect against data loss incidents such as ransomware.

The research, which gathered the opinions of 1,100 senior IT decision makers globally, found that 48% of organizations that have deployed Kubernetes have already experienced a ransomware attack on their containerized environments, while a staggering 89% of respondents said that ransomware attacks on Kubernetes environments are an issue for their organizations today.

Anthony Cusimano, solutions evangelist at Veritas, said: “Kubernetes is easy for organizations to deploy, and quickly improves affordability, flexibility and scalability—it’s no wonder so many are embracing containerization. But because deployment is so simple, organizations can easily surge ahead faster with their Kubernetes implementation than their Kubernetes protection. Suddenly, they’ve found themselves with two-thirds of their mission-critical Kubernetes environments completely unprotected from data loss. Kubernetes has become the Achilles heel in organizations’ ransomware defense strategies.”

Siloed solutions

Organizations are missing the opportunity to deliver rapid protection to these at-risk data sets by failing to extend their existing data protection from their traditional workloads out across their containerized environments.

Just 40% of organizations are currently following this model, while the rest are complicating their protection environments with standalone products for some or all of their Kubernetes protection. They are doing this even though 99% of respondents believe there would be benefits to taking an integrated approach. This could be because 44% of respondents said that they know little or nothing about solutions that could protect data across traditional, virtual and Kubernetes environments.

The biggest risks associated with siloed data protection solutions were identified by the research as “a more complex or lengthy data restore process after a data-loss incident” and “a higher cost of deploying multiple solutions.” Meanwhile the most compelling reasons among respondents for adopting a single solution to protect data against data loss and ransomware attacks were “a simplified restore process” and “a single place to manage protection data.”

More protection for Kubernetes environments in the future

The research showed that organizations expect to be able to achieve better protection of their Kubernetes environments over time, with 29% of organizations believing that ransomware will not be an issue five years from now. This aligns with increased spending on protection for containerized data—organizations expect to spend an average of 49% more in this area in five years’ time than they do today, which will leave less than 3% of them without data protection in place for their mission-critical Kubernetes environments.

Furthermore, 61% of organizations expect that future investment in their protection infrastructures will leave them “very well prepared” for ransomware attacks on Kubernetes environments in the next five years.

Cusimano continued: “It’s clear that organizations around the world understand the value of protecting the mission-critical data they’re using in their Kubernetes environments. And it’s great that it seems they’ll eventually get the protection that they need.

However, if a week is a long time in politics, five years is a very long time in data protection, and we expect to see more and more ransomware variants emerge over that time that target Kubernetes and take advantage of this Achilles heel. Too many organizations are missing the simple solution to extend their current data protection platforms to their Kubernetes environments today, leaving them in an unenviably vulnerable position.”

Don't miss