Michael Cade, Global Field CTO, Cloud-Native Product Strategy, Veeam

Container technology has been around for some time, and recent reports suggest that we are approaching a tipping point in container usage. Despite this, the way most businesses are protecting their containers is still unfit for purpose. Recent findings suggest that Kubernetes (K8s) clusters belonging to more than 350 organisations, (including several Fortune 500 companies) are currently “openly accessible and unprotected”.

A 2023 report from Enterprise Strategy Group described the container market as “red hot”. Nearly half (47%) of businesses surveyed are using containers currently, while 35% are planning on doing so in the next 12 months; that’s 82% of organisations using containers by the end of 2024.

It’s a common conflation that containers equal Kubernetes. But while it’s simply a platform for managing containers, the report indicates it is becoming the standard. Currently, 66% of organisations use Kubernetes to manage and orchestrate their containers.

But “red hot” describes container usage in more ways than one. With current practices, far too many businesses risk getting burnt. According to the same report, less than half of companies that have implemented containers made data protection part of the architecture design process. Only 19% considered how to protect their containers after implementation was complete, and 33% carried on using existing data protection tools and processes as they would have on a ‘normal’ application. This is symptomatic of the knowledge gap around containers and Kubernetes.

While traditional backup solutions focus primarily on Virtual Machines (VMs) or file-level backups, Kubernetes demands a more nuanced approach, given its dynamic and cloud-native nature. Backing up a container-based environment with a traditional backup solution is like trying to take a snapshot of a city with a photograph. Sure, you might capture the buildings, but you won’t have a sense of the flow of traffic, or what’s happening inside or underground.

Businesses think the solution works because they have backups so they don’t see the difference until a cyber attack happens. As soon as they try to recover the container-based environment using this backup, they realise that their image-based backup can’t “see” the K8s clusters. A traditional solution will only back up the VM that holds the containerised environment, leading to all kinds of potential issues, including incomplete backups, inconsistent states, inefficiency, and security gaps.

Understanding the need to protect containers with a system that understands containers is the first step. Secondly, when implementing Kubernetes, data protection needs to be part of the plan from the onset to ensure the efficiency of resources (in computing and financial terms), the opportunity to test and validate, and, most crucially, ensuring reliable and fast recovery.

In reality, backup is the easy part, it’s the recovery that’s hard. Building with recovery in mind against clear KPIs, namely Recovery Point Objective (RPO) and Recovery Time Objective (RTO), is essential, and this is infinitely easier to achieve when it’s part of the plan from day one.

That’s not to say, “If you haven’t thought about it yet, don’t bother”. According to the Veeam Data Protection Trends Report 2023, 85% of organisations suffered at least one cyber attack in 12 months, up from 76% in the prior year. Organisations need to have proven and tested backup and recovery plans in place. If that work is being done after the design of a containerised environment, it may take some redesign and refactoring, but that’s better than being unprepared during a successful ransomware attack.

Learn more at www.veeam.com or follow Veeam on LinkedIn @veeam-software and X @veeam.

What many developers still need to understand about protecting containers