The Next Phase of Kubernetes Education will Drive Simplification of Deployment
Written by Claude Schuck, Regional Director, Middle East at Veeam Software
Kubernetes is still in its early educational phase as a technology. On Gartner’s Hype Cycle, container management currently sits on top of the peak of inflated expectations. If Kubernetes and other technologies within this category follow the expected trajectory, they will enter the Trough of Disillusionment in the next 12 months – before climbing the Slope of Enlightenment.
This aligns fairly well with where Kubernetes currently is in terms of business deployment. In the Middle East, organizations are waking up to its potential and developing an understanding of where it can deliver real competitive advantage, in the light of the increasing rate of adoption of containers. According to Veeam’s Data Protection Report 2022 69% of organizations in the UAE and 76% of organizations in Saudi are already running containers in production, while 29% and 22% respectively plan to do so in the next 12 months. However, there is a lot of education to be done before IT teams have fully got to grips with how best to deploy Kubernetes.
Over the next 12 months we will see two things happen that will shift perceptions around Kubernetes. The first is that those deploying the technology will start to understand it more, gain confidence in building the business case, and start to demonstrate real ROI. The second is that cloud providers will find simpler ways to serve Kubernetes to organizations, reducing the need for deep technical understanding to deploy it effectively.
Education and Enlightenment
Much of the appetite for learning about how to successfully deploy Kubernetes and the benefits of doing so comes from within the Cloud Native Computing Foundation (CNCF) community. The technical barriers to entry are still relatively high, which is why one of the top challenges identified by organizations looking to deploy Kubernetes is that they lack the necessary in-house skills.
It is often the case that relatively new technologies which experience unprecedented spurts of adoption outpace the market in terms of the skills and infrastructure required to support growth. However, when it comes to Kubernetes, we’re talking about one of the fastest-growing open-source technologies of all time in terms of early adoption. It’s important, therefore, that this process of educating the technical community gathers pace.
Over the next 12 months, we will see the number of learning opportunities increase as the industry looks to address the emerging skills gap. An example of such an initiative is Learning.kasten.io, a Kubernetes learning platform from Kasten by Veeam. The programme aims to equip technical professionals looking to upskill the next generation of tech talent with at least a basic understanding of Kubernetes. This will shorten the learning curve for both experienced and entry-level technologists – burnishing enterprises with a pool of talent that understands Kubernetes and how to get the best out of it.
Making Kubernetes Easy
As well as building a solid pipeline of people who understand and can capably consult businesses on Kubernetes, cloud providers are working on ways to make it easier for IT teams to consume and deploy them without in-house technical proficiency. This will ultimately be one of the major driving forces that takes Kubernetes from being an emerging technology in its experimental stages to established enterprise technology. The success of Anything-as-a-Service (XaaS) proves that organizations are demanding simpler ways to consume and deploy IT through the cloud. Kubernetes will be no exception to this rule.
Currently, Kubernetes is acting as a management platform for containers and among the earliest adopters are established and regulated industries such as banking and financial services. Businesses from other industries are currently evaluating the pros and cons of Kubernetes, looking at whether they can incorporate it into their networks. To accelerate the growing interest of the broader market, major cloud service providers are beginning to offer Kubernetes-as-a-Service (KaaS) – making it possible to operate Kubernetes as a managed service. KaaS is commonly provided via the public cloud, but as its penetration grows organizations will be able to consume similar services through local managed service providers (MSPs) or deploy them on-premises.
The move towards KaaS will significantly drive-up Kubernetes adoption, taking away some of the initial pain and investment required to deploy Kubernetes and enjoy the benefits of delivering applications faster, at a greater scale, and with greater accuracy. No matter how Kubernetes is consumed, organizations looking to take advantage of the opportunity it offers must be aware of the data protection requirements which accompany it. Kubernetes does not significantly change the threat landscape or bridge any cybersecurity gaps. It requires the same Modern Data Protection capabilities as any other type of data on any other type of platform.
Fundamentally, the infrastructure is now closer to the applications with the help of containers, and data backup must be carried out differently to align with this. The number of workloads using stateful data in container environments is increasing alongside data services being deployed within the Kubernetes cluster. Other public cloud tools can be connected to applications running within Kubernetes, which changes the way data is protected. Simply put, backup works differently for Kubernetes than virtualized environments. This is where specialized data protection solutions for backup and recovery of Kubernetes environments such as Kasten by Veeam come into play.
Over the next 12 months, more businesses will get to grips with the many benefits of deploying Kubernetes, while cloud providers find more consumable ways of serving up Kubernetes including KaaS. As well as investing in the skills required to maximize ROI, businesses must seek the advice of data protection experts when deploying Kubernetes to ensure that they are not becoming exposed to new risks. Organisations in the Middle East must be equipped with Modern Data Protection solutions to ensure their data is protected across physical, virtual, cloud, SaaS, and Kubernetes environments at all times.
Threat Assessment: Royal Ransomware
Written by Doel Santos, Daniel Bunce, and Anthony Galiette
Unit 42 has published a blog post detailing the Royal ransomware group, which has been recently involved in high-profile attacks leveraging multi-extortion tactics against critical infrastructure including healthcare and manufacturing. Unlike other major ransomware groups (e.g., LockBit 3.0) that operate on a RaaS model by hiring affiliates to promote their services, this group operates behind closed doors – and comprises former members of the notorious Conti ransomware group.
It is important to note that Royal ransomware extends beyond financial losses to small businesses and corporations. Since 2022, Unit 42 has observed this group impacting local government entities in the US and Europe, most recently the group attacked the city of Dallas. In the last 9 months, Unit 42 incident responders have responded to over a dozen cases involving Royal ransomware.
Below are some additional facts about the group from Unit 42’s findings:
- Since 2022, Royal ransomware has claimed responsibility for impacting 157 organizations on their leak site.
- They have impacted 14 organizations in the education sector, including school districts and universities. In the first few days of May 2023, the group has already impacted four educational institutions.
Royal ransomware has been involved in high-profile attacks against critical infrastructure, especially healthcare, since it was first observed in September 2022. Bucking the popular trend of hiring affiliates to promote their threat as a service, Royal ransomware operates as a private group made up of former members of Conti.
The Unit 42 team has observed this group compromising victims through a BATLOADER infection, which threat actors usually spread through search engine optimization (SEO) poisoning. This infection involves dropping a Cobalt Strike Beacon as a precursor to the ransomware execution. Unit 42 incident responders have participated in 15 cases involving Royal ransomware in the last 9 months.
Royal ransomware also expanded its arsenal by developing an ELF variant to impact Linux and ESXi environments. The ELF variant is quite similar to the Windows variant, and the sample does not contain any obfuscation. All strings, including the RSA public key and the ransom note, are stored as plain text.
Time for the Gaming Industry to Level Up Against DDoS Attacks
Written by Matthew Andriani, CEO, MazeBolt Technologies
Distributed denial of service (DDoS) attacks present a significant threat to organizations as they grow in sophistication and frequency. According to several studies, the average successful DDoS attack in 2022 lasted for over 50 hours, compared to 30 minutes in 2021. As the entertainment world’s largest source of income, the gaming industry has become a prominent target for DDoS attacks. The gaming industry houses several different entities that need protection in tandem with gadgets such as online access for consoles, smartphones, and cloud-based casual games – leaving the door open for cybercriminals to capitalize on the ever-expanding attack surface.
Without adequate visibility into DDoS vulnerabilities, an attacker can exploit thousands of entry points without notice, the only way a successful DDoS attack can occur is because of a vulnerability in the DDoS protection. It may only take one attack for an application to experience downtime, costing the businesses hundreds of thousands to millions in revenue along with their reputation within the gaming space. When an attack does occur, organizations are forced to operate in a reactive scenario that will only disrupt business and risk further downtime. As the DDoS attack surface continues to expand, gaming companies must gain insight into their vulnerabilities to close these gaps in protection and ensure players remain online.
The evolution of DDoS within the gaming industry
There are several enticing factors behind launching a DDoS attack in the gaming industry, including competition, extortion, and at times, disgruntled gamers. Threat actors know exactly how much in revenue and reputational costs a minute of downtime will have on the organization. Competition is a particularly critical factor because if one site goes down, users can easily pass to the next online platform to continue their gaming experience.
Likewise, extortion has become an easy way for attackers to monetize the industry by threatening to attack an online gaming company unless a payment is made, specifically after a demonstration that the threat is real. Online gaming platforms especially house big players in this field with great sums of money at stake, placing a large target on these organizations for cybercriminals to exploit.
There is also a growing trend among disgruntled gamers, known as ‘DDoS for hire’. Individuals no longer need to be knowledgeable about the functions of DDoS attacks, rather, they can have someone else launch the attack on their behalf. Gaming organizations are heavily investing in DDoS protection. The problem is that they are not consistently scrutinizing every vulnerability across the attack surface – the only reason gaming companies are experiencing downtime is because of a vulnerability in the protection they have already implemented.
Deploying a tier-one DDoS protection provider can only ensure around 60% automated protection into the attack surface, the other 40% must be continuously scrutinized with visibility tools. While many of these gaming organizations have the best protection in place, they don’t have the list of vulnerabilities within that solution. Without this critical insight, it’s impossible to manage the vulnerabilities and protect against this growing threat.
A race against time
It’s no longer an if, but when a gaming organization will suffer from a DDoS attack. This is not a new concept to the industry – it is well-known that these attacks are being launched at an alarming rate. To transform DDoS protection processes, gaming companies should start with a trusted solution that continuously identifies vulnerabilities across the attack surface, while speeding up the remediation process to ensure the damaging downtime is minimized.
Once these vulnerabilities are identified, organizations must confirm their closure to provide a more solid defense. At this stage of the process, the company is battling the clock to prevent further damage. Organizations that cannot keep up with this process will continue to experience downtime, and DDoS mitigation vendors not actively engaged in vulnerability management will be at a major disadvantage when working to avoid damaging DDoS attacks.
If you are not at the top of your game with DDoS protection, your organization will be knocked offline, costing millions in downtime and reputational losses.
The Chief Zero Trust Officer: A New Role for a New Era of Cybersecurity
Written by John Engates, Field CTO at Cloudflare
Over the last few years, the topic of cyber security has moved from the IT department to the board room. The current climate of geopolitical and economic uncertainty has made the threat of cyber attacks all the more pressing, with businesses of all sizes and across all industries feeling the impact. From the potential for a crippling ransomware attack to a data breach that could compromise sensitive consumer information, the risks are real and potentially catastrophic. Organizations are recognizing the need for better resilience and preparation regarding cybersecurity. It is not enough to simply react to attacks as they happen; companies must proactively prepare for the inevitable in their approach to cybersecurity.
The security approach that has gained the most traction in recent years is the concept of Zero Trust. The basic principle behind Zero Trust is simple: don’t trust anything; verify everything. The impetus for a modern Zero Trust architecture is that traditional perimeter-based (castle-and-moat) security models are no longer sufficient in today’s digitally distributed landscape. Organizations must adopt a holistic approach to security based on verifying the identity and trustworthiness of all users, devices, and systems that access their networks and data.
Zero Trust has been on the radar of business leaders and board members for some time now. However, Zero Trust is no longer just a concept being discussed; it’s now a mandate. With remote or hybrid work now the norm and cyber-attacks continuing to escalate, businesses realize they must take a fundamentally different approach to security. But as with any significant shift in strategy, implementation can be challenging, and efforts can sometimes stall. Although many firms have begun implementing Zero Trust methods and technologies, only some have fully implemented them throughout the organization. For many large companies, this is the current status of their Zero Trust initiatives – stuck in the implementation phase.
But what if there was a missing piece in the cybersecurity puzzle that could change everything? Enter the role of “Chief Zero Trust Officer” (CZTO) – a new position that we believe will become increasingly common in large organizations over the next year. The idea of companies potentially creating the role of Chief Zero Trust Officer evolved from conversations last year between Cloudflare’s Field CTO team members and US federal government agencies. A similar job function was first noted in the White House memorandum directing federal agencies to “move toward Zero Trust cybersecurity principles” and requiring agencies “designate and identify a Zero Trust strategy implementation lead for their organization” within 30 days. In government, a role like this is often called a “czar,” but the title “chief” is more appropriate within a business.
Large organizations need strong leaders to efficiently get things done. Businesses assign the ultimate leadership responsibility to people with titles that begin with the word chief, such as Chief Executive Officer (CEO) or Chief Financial Officer (CFO). These positions exist to provide direction, set strategy, make critical decisions, and manage day-to-day operations and they are often accountable to the board for overall performance and success.
An old saying goes, “When everyone is responsible, no one is responsible.” As we consider the challenges in implementing Zero Trust within an enterprise, it appears that a lack of clear leadership and accountability is a significant issue. The question remains, who *exactly* is responsible for driving the adoption and execution of Zero Trust within the organization?
Large enterprises need a single person responsible for driving the Zero Trust journey. This leader should be empowered with a clear mandate and have a singular focus: getting the enterprise to Zero Trust. This is where the idea of the Chief Zero Trust Officer was born. “Chief Zero Trust Officer” may seem like just a title, but it holds a lot of weight. It commands attention and can overcome many obstacles to Zero Trust.
Implementing Zero Trust can be hindered by various technological challenges. Understanding and implementing the complex architecture of some vendors can take time, demand extensive training, or require a professional services engagement to acquire the necessary expertise. Identifying and verifying users and devices in a Zero Trust environment can also be a challenge. It requires an accurate inventory of the organization’s user base, groups they’re a part of, and their applications and devices.
On the organizational side, coordination between different teams is crucial for effectively implementing Zero Trust. Breaking down the silos between IT, cybersecurity, and networking groups, establishing clear communication channels, and regular meetings between team members can help achieve a cohesive security strategy. General resistance to change can also be a significant obstacle. Leaders should use techniques such as leading by example, transparent communication, and involving employees in the change process to mitigate it. Proactively addressing concerns, providing support, and creating employee training opportunities can also help ease the transition.
But why does an organization need a CZTO? Is another C-level role essential? Why not assign someone already managing security within the CISO organization? Of course, these are all valid questions. Think about it this way – companies should assign the title based on the level of strategic importance to the company. So, whether it’s Chief Zero Trust Officer, Head of Zero Trust, VP of Zero Trust, or something else, the title must command attention and come with the power to break down silos and cut through bureaucracy.
New C-level titles aren’t without precedent. In recent years, we’ve seen the emergence of titles such as Chief Digital Transformation Officer, Chief eXperience Officer, Chief Customer Officer, and Chief Data Scientist. The Chief Zero Trust Officer title is likely not even a permanent role. What’s crucial is that the person holding the role has the authority and vision to drive the Zero Trust initiative forward, with the support of company leadership and the board of directors.
Getting to Zero Trust security is now a mandate for many companies, as the traditional perimeter-based security model is no longer enough to protect against today’s sophisticated threats. To navigate the technical and organizational challenges that come with Zero Trust implementation, the leadership of a CZTO is crucial. The CZTO will lead the Zero Trust initiative, align teams and break down barriers to achieve a smooth rollout. The role of CZTO in the C-suite emphasizes the importance of Zero Trust in the company. It ensures that the Zero Trust initiative is given the necessary attention and resources to succeed. Organizations that appoint a CZTO now will be the ones that come out on top in the future.