Feodora - stock.adobe.com

TrilioVault update focuses on securing Kubernetes backup

Anti-ransomware features in TrilioVault for Kubernetes v2.5 include application-level immutability and encryption to help ensure Kubernetes backup data is recoverable.

Ransomware attackers are increasingly going after backups, and Trilio wants to cut off that option.

The data protection vendor updated its TrilioVault for Kubernetes to v2.5 today, which introduced several features designed to stop criminals from compromising backups. A new immutability capability prevents backups from being modified or deleted for a set period, and a new encryption capability prevents the backups from being read.

The immutability feature in TrilioVault for Kubernetes is unique in that data can be locked at the application level, rather than the storage level. Many products that achieve immutability through S3-based object lock, such as Zerto, Retrospect and Cloudian HyperStore, are only as granular as the cloud storage provider's capabilities allow. But TrilioVault lets customers lock down objects related to specific applications, instead of entire buckets.

The new encryption feature in TrilioVault for Kubernetes is similarly granular, enabling customers to encrypt specific data related to applications, instead of everything within a storage environment. Encrypting data increases its size, so customers can save storage space by not encrypting superfluously.

Criminals generally compromise backups for cloud-native applications through two entry points: the software managing the backup and the storage media where the backups are stored, said Prashanto Kochavara, director of Kubernetes products at Trilio. Therefore, ransomware can't be defeated by a single feature or product. The updates to TrilioVault for Kubernetes focus on cutting off one of those two points of entry.

"We want to make sure the Trilio product is not a point of failure for security," Kochavara said.

TrilioVault for Kubernetes already had some security features before v2.5, including multifactor authentication and role-based access control.

Recovery should be as much a part of the conversation as intrusion detection.
David SafaiiCEO, Trilio

With the surge in ransomware attacks over the past two years, customers need to know their backups are recoverable, said Trilio CEO David Safaii. It's just as important to ensure backup systems don't get infiltrated and tampered with as it is to stop ransomware from getting in in the first place, he added.

"Recovery should be as much a part of the conversation as intrusion detection," Safaii said.

TrilioVault for Kubernetes v2.5 also added several support features. The software now supports Azure Blob Storage and Google Cloud Platform Object Storage as backup targets and OpenID Connect, Lightweight Directory Access Protocol and cloud authentication providers. Additionally, this update introduced a multi-namespace backup feature that lets users consolidate multiple namespaces into a single backup for easier management.

Recovery from a DevOps point of view

TrilioVault for Kubernetes users are a mix of IT administrators and DevOps personnel, according to Safaii. But the features introduced in v2.5 mostly cater to the latter, said Lucas Mearian, research manager at IDC. Backup and recovery based on namespace, rather than storage, allows DevOps teams to initiate recovery and rollbacks without interfering with anything else in the storage environment. This allows DevOps to perform backup and recovery themselves instead of having to turn to a backup administrator.

DevOps teams don't know or care what else is stored in the nodes or clusters their applications live on, Mearian said. Across the aisle, backup and storage administrators are satisfied because DevOps' backup and restore activities won't disrupt anything on the IT side.

"In a DevOps environment, these folks do not want to see how the sausage is being made," Mearian said.

Still, the focus of TrilioVault for Kubernetes v2.5 is its anti-ransomware features, Mearian said. Ransomware remains a top concern for IT leaders, and many data protection vendors have introduced countermeasures such as air-gapping, immutability and isolated recovery environments into their products. Right now, it's a matter of expanding those capabilities into products tailored for Kubernetes data protection, Mearian said, because "the bad guys know they need to target backup systems."

In an IDC survey taken last year, respondents pointed to containers as being more vulnerable to ransomware attacks than established storage environments. They cited containers' lack of native data protection, portability and likelihood of being deployed at the edge, raising additional security considerations, among their reasons why, Mearian said.

"Containers are both natively less secure, and there's a perception of it among customers," Mearian said.

Johnny Yu covers enterprise data protection news for TechTarget's Storage sites SearchDataBackup and SearchDisasterRecovery. Before joining TechTarget in June 2018, he wrote for USA Today's consumer product review site Reviewed.com.

Dig Deeper on Data backup security