Seventy-three percent, that’s the percentage of organizations that have been affected by at least two ransomware attacks in the past year, according to the Veeam Ransomware Trends Report 2022. In most cases, the path of criminals to the corporate network goes through the weakest element of digital defense: the human being. Phishing is and remains the means of choice for hackers and data thieves to gain unauthorized access, as Verizon’s latest report on data breaches confirms. While backups often act as the last bulwark against extortionists, the right credentials can crack even this stronghold. Therefore, companies must be increasingly aware that an unwanted threat also comes from their own employees. The best way to manage this risk is through zero trust.
Focus on processes and not hardware
Zero Trust is not a stand-alone product, but rather a paradigm that is embedded in the company culture. IT administrators must weigh which employees should have access to which content, applications, networks, and data. This premise also holds true for storage, because: Backups are, in many situations, the lifeline that can maintain a company’s ability to do business. However, if this anchor is damaged, downtime increases rapidly and recovery becomes almost impossible. Therefore, storage-related roles and rights must be assigned with due care. Only specialized personnel and storage administrators should be able to access the backups. But what happens if a user account of these same administrators falls into the wrong hands?
Implementing Zero Trust in storage is a time-consuming process that needs to be checked regularly
Inviolability as a security tool
To permanently ensure that backups don’t end up in the wrong hands, the only viable path is to make them more durable in case of immutability failures. This means, in the realm of storage, that backups must be immutable and only allow the read option. This prevents all data and backups from being lost in the event of an infiltration, for example by ransomware. The possibilities, so that your backup is not tampered with, range from Air-gapped solutions to AWS S3 object locking; the arguments for the various variants are quickly found. However, it is important that they are implemented as a fundamental part of the backup strategy. This ensures that backup security remains intact when access falls into the wrong hands, and data can always be restored in the event of an emergency and can be deleted at any time.
Zero Trust in modern data protection is a process
Implementing Zero Trust in storage is a time-consuming process that needs to be tested regularly to ensure continued security. Phishing will continue to be one of the biggest threats to businesses and their data, while the employee will continue to pose the biggest security risk. On the contrary, if the seats and rights have been assigned correctly according to the Zero Trust paradigm, the risk is minimized to the maximum. This keeps backups as the bulwark against ransomware that they are supposed to be.
By Rick Vanover, Senior Director of Product Strategy at Veeam
George is Digismak’s reported cum editor with 13 years of experience in Journalism