Skip to content

Given the unique characteristics of Kubernetes environments and the increasing frequency of ransomware attacks, what do organizations need to do to mitigate the threat of ransomware?

No one can deny that cloud native applications are rising in popularity. IDC predicts that by 2023, more than 500 million digital apps and services will be developed and deployed using cloud-native approaches. Meanwhile, Kubernetes has become the de-facto standard for container management, making it a popular choice for developers of cloud-native applications. In fact, 68% of IT professionals have increased their use of Kubernetes since the pandemic to accelerate deployment frequency, increase automation and reduce IT costs.

But as developing Kubernetes applications often involves open source code libraries, bugs and misconfigured access permissions that open up vulnerabilities, ransomware is a growing concern. Not only are cloud native applications made up of multiple microservices stored on different nodes, but Kubernetes objects contain networking and storage data, which means you have to protect a lot of moving parts. Kubernetes is also updated frequently, and if teams don’t stay on top of updates, risk increases. 

In an EM360 percent podcast, VP of Product at Kasten by Veeam, Gaurav Rishi explored the topic, unpacking the meaning behind the principle “Separation of Concerns.” He explained the importance of freedom of choice and agility, and the importance of implementing a cloud native backup and recovery solution that protects all components within a Kubernetes application -- wherever they reside.


Two Principles of Cloud Native Development

According to Rishi, cloud native development, the so-called “new stack” is built on two principles: “separation of concerns” and “modularity,” enabling application software to be developed as microservices and run across a variety of data centers, clouds, and the edge:

  • Separation of Concerns: The cloud-native stack achieves this via functionality-based layering that resembles the construction of the TCP/IP stack, with separate layers for the Infrastructure, Kubernetes deployment, core Kubernetes platform add-ons and data services. Infrastructure focuses on storage, compute and networking elements. 

  • Modularity: Cloud native applications tend to be developed as microservices, with a “loose coupling” between each of the services. Each layer has specific standards that provide the ingredients for modularity — and that means developers can choose the best tools for the job at hand.

Rishi said that the goal of these two principles is to reduce complexity without sacrificing freedom of choice. “While separation of concerns allows you to make implementation and innovation parallel and completed independently by separate, smaller teams, modularity enables you to choose the right tool for each of the layers of separation,” he said. “That allows us to maintain freedom of choice, but at the same time, unleash innovation and create the best of applications.”

Backup: Your Last Line of Defense

However, according to Rishi, many organizations lack effective Kubernetes backup and recovery solutions needed to stave off the threat of ransomware to cloud-native applications. “It astounds me to see the number of enterprises that don't have a backup and recovery process in place,” he said. “You must be sure you have a clean environment in terms of image scanning and that your applications are kept in a completely different environment, so you can recover them in case your organization is hit by a ransomware attack.” 

As backup is this last line of defense, it’s critical that your solution has the following four characteristics:

  1. Immutability: Ransomware protection must cover all objects within a Kubernetes application, not just components in a certain database or one of the Kubernetes objects such as config map or NCD. The entire application, including all the microservices, needs to be protected against content deletion or corruption.

  2. Reliable recovery and easy operations: Because the Operations team is under intense pressure to stop the bleeding following a successful ransomware attack, fast and easy recovery is essential. Not only do you stand to lose productivity during an attack, there’s a lot of stress on the team. You need a solution that reduces human error and the time it takes to recover to a known good state for the entire Kubernetes application.

  3. Cost-effectiveness: A recovery solution that is expensive and difficult to maintain can end up being more costly than the ransom it’s supposed to protect your applications from. Therefore, you should avoid being tied to a particular Kubernetes distribution, storage or cloud vendor, so that your backup solution not only delivers on its promises but enables you to maintain your freedom of choice.

What Else Can Organizations Do to Combat Ransomware? 

Automation and an API-first approach to solving cybersecurity problems will enable teams to maintain agility at scale. Additionally, institutionalizing knowledge sharing and nurturing a culture of learning across the organization will reduce the tendency to repeat previously defined processes, and instead, adapt and innovate to tackle new challenges over the long term.

Listen to the full podcast on demand. 


Interested in investing in a Kubernetes native backup and ransomware data protection solution? Discover Kasten K10, the free #1 Kubernetes backup!

Get_Free_Kasten_K10-1500 (2)

Download Free Kasten K10










For information about Kasten K10

Contact Us

For information about Kasten K10, please send us a message using the form on this page, or email us at

For product support: Open a case via Veeam
Community support: Veeam Community


Kasten, Inc. 
8800 Lyra Drive, Suite 450
Columbus, Ohio 43240

We value the critical role that the security community plays in helping us protect the confidentiality, integrity, and availability of our software, services, and information. If you have information about security vulnerabilities that affect Kasten software, services, or information, please report it to us via our HackerOne Vulnerability Disclosure Program, or anonymously via this form.

Please Send Us a Message