Enterprises are under increasing pressure to rapidly build and deploy new software applications to grow their businesses. As a result, more are turning to container technologies, which allow them to develop, deploy and manage software faster and more efficiently at an unprecedented scale.
Research from ESG finds that “containers adoption is in full acceleration and in a position to become the go-to choice for production development in 24 months.” As a result, Kubernetes will continue to grow as containers become the more widely used platform for production deployment, ahead of virtual machines.
While there are many benefits of using Kubernetes container technology, its security and data protection can often be difficult to control. Legacy tools and processes simply don’t meet its requirements as a cloud native platform.
Unlike more mature virtual environments, Kubernetes has fewer guardrails to make sure that new workloads are configured correctly for data protection. With this in mind, IT teams should consider the following top six ways to maximize data protection in relation to Kubernetes. These include:
1. Protect Container Pipelines
The data protection requirements for systems that create the containers as part of the Continuous Integration and Continuous Delivery (CI/CD) pipeline are regularly overlooked.
These include tools such as build servers and code and artifact repositories that store containers and application releases, along with components such as configuration scripts (such as Docker files and Kubernetes YAML files) and documentation.
As important stages in the CI/CD pipeline, protecting these workloads also ensures that most of the pipeline that publishes applications is also more effectively protected for quicker resumption.
2. Add Persistent Storage to Containers
Protecting persistent application data is another important new component of any container data protection strategy. Previously, containers were preferred for stateless workloads, and storing any data in a container was immature.
As technologies have advanced, both the underlying container runtimes and Kubernetes plugins now can fully support a diverse variety of persistent workloads, including managing the state of applications.
This means that while the container images themselves are transitory, and any file system changes are lost after the running container is deleted, there are now various options for adding stateful, persistent storage to a container. Even enterprise storage arrays already in use in on-premises data centers can provide stateful storage to Kubernetes clusters. Data protection strategies and the choice of platform must operate with these capabilities top of mind.
3. Protect Developer Cloud Services Resources
Many organizations use cloud services for object and file storage because it’s easy to implement and consume; however, it does have some disadvantages. Often, cloud services that developers access via containerized applications to do their work exist outside the control of those overseeing data protection.
In fact, unknown persistent storage resources can lead to a risk of unprotected and insecure data — without security, backup, and disaster recovery — among other issues.
Organizations must ensure a consistent approach to accessing and managing cloud storage so developers can use the services they need, while their colleagues can maintain oversight, security and overall responsibility for data protection.
4. Deploy a ‘Data Protection as Code’ Strategy
Organizations need to adopt data protection and disaster recovery platforms that can effectively balance availability and resilience against the need to facilitate effective development speed across enterprise applications and services. Resilience for containers means being able to protect, recover and move containers without adding more steps, tools and policies to the DevOps process.
Minimizing application downtime and data loss is a priority for any application, especially those that are containerized. Using a native solution, however, will enable a “data protection as code” strategy, whereby data protection and disaster recovery operations are integrated into the application development lifecycle from the outset, and applications are born protected. Organizations adopting this approach can ensure application resilience without any negative impact on the speed, scale and agility of their containerized applications.
5. Evaluate Continuous Data Protection Technology
Using continuous data protection (CDP) technology offers users the reassurance of being able to simply rewind to a previous checkpoint, ensuring a low recovery point objective (RPO).
This approach is not only minimally disruptive but also offers much greater flexibility and availability than a traditional backup approach, where the use of periodic snapshots can be potentially hours behind production systems, leaving gaps in data protection. In contrast, CDP has long been the de facto standard in the VM arena and is rapidly emerging as the most effective option for containers.
6. Avoid Vendor Lock-in
An essential requirement for any container data protection strategy should be to avoid vendor lock-in. Choosing a data protection solution should mean it supports all enterprise Kubernetes platforms and allows data to move to where the application needs to run — without any lock-in to a specific storage platform or cloud vendor so the persistent data remains as mobile as the containers themselves.
By implementing a strategy and platform that can effectively address these areas, organizations can prioritize data protection without compromising the freedom Kubernetes gives developers to create, build, and run applications quickly. Businesses will be able to easily protect, recover, and move applications for intelligent data management and accelerated software development and delivery. In turn, they can achieve maximum return from this increasingly important area of technology investment.
The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Docker.
Feature image via Pixabay.