The Clop ransomware is also known to have targeted the University of Maastricht in the Netherlands, which revealed earlier this year that it had paid a $240, 000 ransom in response to the attack. Related: Double Extortion: Ransomware's New Normal Combining Encryption with Data Theft Related: Seven Ransomware Families Target Industrial Software Related: University Project Tracks Ransomware Attacks on Critical Infrastructure Eduard Kovacs ( @EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia's security news reporter. Eduard holds a bachelor's degree in industrial informatics and a master's degree in computer techniques applied in electrical engineering. Previous Columns by Eduard Kovacs:
In recent times, said Brey, Kubernetes has moved from something developers might experiment with to something enterprises will run in production, and as such, those same enterprises have come to Red Hat looking for those same data resilience features that they have come to expect with their traditional application architectures and infrastructures. "They want us to be more than just a storage provider, " said Brey. "They want us to provide data services — services around data resiliency, data security, data governance, data discovery, data cataloging, data efficiency. " With Red Hat OpenShift Container Storage 4. 6, customizable, point-in-time snapshots and clones of persistent data volumes will be orchestrated by the Container Storage Interface (CSI), though Brey further clarified CSI and OpenShift Container Storage alone were not responsible for the full functionality. Rather, the application itself would need to manage consistency, by stopping I/O's and flushing buffers before initiating the snapshot.
This is why ensuring the continuity of Day 2 operations is so critical. To safeguard against these risks, appropriate backup is necessary. Systems that can automatically discover new as well as changed applications and do so without obliging developers to change either their work processes or their tools are a major value add. In Kubernetes environments, this is possible through native APIs that support security protocols, like authentication and authorization, and CI/CD and workflow integrations. All of this reflects the fact that Kubernetes is a fundamentally different kind of computation platform. It is more complex than previous systems, unfamiliar to many IT people who grew up in conventional data center operations, and its administrative responsibilities are distributed in unfamiliar ways. Apart from the traditional reasons for data loss in a cloud environment, Kubernetes increases the risk of accidental data loss. At the same time, however, there is a quickly growing ecosystem of technologies that enable Kubernetes environments to function as they do — delivering agility, performance and scalability — to help users gain the full value from their deployments.
Instead, Clumio's solution converts those snapshots into Parquet files that physically reside in Amazon S3 cloud storage. To access the data through Clumio, it triggers an ad hoc query to Amazon's own Athena service. Admittedly, querying via Athena might be less efficient that running a query directly in RDS, but on the other hand, you avoid all the time and expense for restoring a full replica of the database from S3. The long-term backup solution for RDS comes on the heels of the release of a backup solution for Microsoft 365 announced about a month back that places, under a common control plane, backup for a variety of on-premises and cloud sources including VMware, VMware Cloud on AWS, and Amazon EBS (Elastic Block Store, which is typically used for databases). Clumio's case is that its backup solution spans multiple SaaS services The key to Clumio's solution is that it repurposes the cloud provider's own infrastructure for the housekeeping of its own backup and recovery tools. For instance, it uses Amazon DynamoDB for metadata storage, RDS Postgres for tracking backup configuration, and Lambda functions to execute backup and restore functions.
Open source enterprise software provider Red Hat has launched new capabilities for its OpenShift Container Storage, which works closely with its OpenShift Kubernetes platform, to provide its customers with enhanced data resilience features. Red Hat OpenShift Container Storage 4. 6 adds snapshots, OpenShift APIs for Data Protection (OADP), and support for the new functionality by three backup solutions, with several more on the way. "If you look at traditional bare metal and even virtualized environments, the state was usually more often than not tightly coupled with the application. It resulted in a very monolithic architecture, which has a lot of benefits, for sure, particularly when you think about disaster recovery, backup, those types of topics. It's a very easy architecture to understand, and how to handle things like consistency and backups, " explained Pete Brey, marketing manager of hybrid cloud object storage at Red Hat. "With Kubernetes, it's very different because state is separated from the applications in persistent volumes. "
Kubernetes takes away a lot of the pain of ensuring high availability and scalability of applications and services, but these benefits, unfortunately, do not extend to data. In Kubernetes environments, data management must be a critical priority but legacy data management technologies, which would cover operations like backup/restore, disaster recovery and application migration, are outclassed by the inherent agility, scalability and performance of cloud native systems. Because of the rapid application growth and increased production deployments at scale, many enterprises have to maintain a focus not just on the application development lifecycle, but also "Day 2" operations and the challenges of applications and services in production. These include data management, security, and observability. Although Kubernetes' capacity for data replication and portability can enhance a system's reliability, it doesn't protect developers and operators against infrastructure failures, data corruption, or data loss.
OpenShift Container Storage users will be able to access these data resilience features and configurations either through the OpenShift user interface or via the OpenShift APIs for Data Protection (OADP), which also enable Red Hat's partner ecosystem to integrate their data protection solutions with OpenShift. Enabling IT teams to use both their existing solutions and knowledge, said Brey, is a big part of this launch. "Organizations are finally realizing this Kubernetes thing isn't gonna go away. It's real. Even DB2 databases now can run on Kubernetes. Your data protection team, all the knowledge, all the tools, all the infrastructure that they've built, that $3 million that they've invested — you don't need to throw that away, " said Brey. "There's a lot of distilled knowledge that IT organizations have on how to do a backup. We're not going to ask you to throw away all that knowledge and relearn how to do backup and restore, for instance, with Kubernetes. To this end, Brey said Red Hat OpenShift Container Storage launched with three storage vendors who will support the new functionality, including TrilioVault for Kubernetes, IBM Spectrum Protect Plus, and Kasten K10, with several more on the way.
In fact, if there is a coding error that accidentally leads to a deleted database, that error will be faithfully replicated along with everything around it, leading to further data loss. Without a separate and appropriate data management system in place, an enterprises' high-value data, and the applications and services that rely on it, can remain exposed, creating the widespread potential for business risk. A recent study by the Cloud Native Computing Foundation revealed that more than 40% of its survey respondents were using Kubernetes for storage, and 55% of the remaining respondents were planning to do so. These dangers are more than theoretical — there are far more at-risk workloads and datasets running on Kubernetes today than most IT folks realize. As that trend continues, opportunities for the introduction of risks multiply. Of course, the temptation to delegate backup and restore responsibilities to legacy tools built for legacy infrastructure is understandable; it's worked in the past, it's immediately available, and it requires no additional investment.
Dell and IBM are in the Leader's quadrant as before but in other changes: Commvault and Veeam are the top two in the leaders quadrant but Veeam has overtaken Commvault with a higher ability to execute. Veritas is a leader for the fifteenth time in a row, and Commvault for nine years in a row Acronis moves from niche player to visionary. The MQ report says Acronis has a widening capability gap and "trails competition in its ability to provide comprehensive data protection capabilities for public cloud, hyperconverged infrastructure (HCI) and network- attached storage (NAS) environments. " MicroFocus, a niche player in 2019, no longer in the MQ. Actifio moves higher up the visionaries' quadrant with Gartner noting limited presence outside North America, lack of tape support, and its "list price for software licenses and annual maintenance is higher than most vendors evaluated in this research". In response, an Actifio spokesperson told us: "Gartner relies on revenue and growth for its Ability to Execute axis.
Companies that sell hardware, be they appliances or "bricks, " get what one might call an unfair advantage (in this case a spot in the Leaders quadrant) compared with vendors with pure software or SaaS models. " Like Arcserve, niche player Unitrends did not respond to Gartner requests for supplemental information. Gartner awards so-called Honourable Mentions to certain other backup suppliers; Clumio, Druva, HYCU, and Zerto. Clumio, HYCU and Zerto were not included in the MQ because they did not meet Gartner's revenue criteria. Druva was not included as it did not meet the criteria for minimum number of enterprise backup customers that deployed the solution at the scale. As a reminder, Gartner's Magic Quadrant is a 2-axis chart plotting Ability to Execute" along the vertical axis and Completeness of Vision along the horizontal axis. There are four subsidiary quadrants or squares; Challengers and Leaders along the top, and Niche Players and Visionaries along the bottom. Here's last year's backup and recovery MQ for comparison;