Zero-trust security must include data backup and recovery

Issue 2 2022 Infrastructure

Who can you trust? The straight answer to that question is – nobody. Unfortunately, in today's digital world, the reality of the situation is that the old security maxim of 'trust but verify' is no longer adequate. We deal with borderless, global, mobile, hybrid and cloud-based environments where traditional security approaches do not work, and nobody is to be trusted, including employees, customers and partners.

Byron Horn-Botha.

The notion of a protective shield surrounding your organisation where interactions perceived as trusted and therefore safe, and exchanges outside of it are not safe, is outdated and naive. Zero Trust is a better approach and constitutes an antidote to stale security strategies because it demands organisations entirely remove trust from the equation by denying access to everyone.

Zero trust thinking

Zero Trust is not a specific technology or architecture. Instead, it's a new way of thinking that can help you achieve robust threat protection and gain next-level security. It is about evaluating the security posture of users based on location, device and behaviour to determine if they are who they claim to be. It is also about granting just enough privilege, just in time, so that users can perform work required tasks and operations.

With this model, only minimum permissions are granted at just the right time to get a job done. Such permissions are then revoked immediately upon completion of the project or transaction. A Zero Trust security approach authenticates and authorises every connection, for example, when a user connects to an application or to a data set via an application programming interface (API).

Gartner predicts that by the end of 2023, modern privacy laws will cover the personal information of 75% of the world's population.

GDPR was the first significant legislation for consumer privacy. Still, others quickly followed it, including Brazil's General Personal Data Protection Law (LGPD) and the California Consumer Privacy Act (CCPA). The sheer scope of these laws suggests you'll be managing data protection legislation in various jurisdictions, and customers will want to know what kind of data you're collecting and how it's being used. It also means you'll need to focus on automating your privacy management system. Standardise security operations using GDPR as a base and adjust for individual jurisdictions.

According to Gartner, the percentage of nation-states passing legislation to regulate ransomware payments, fines and negotiations will rise to 30% by 2025, compared to less than 1% in 2021.

That is a significant jump, as shown by the recent US government announcement that it is moving towards a Zero Trust approach to cybersecurity to dramatically reduce the risk of cyberattacks against the nation's digital infrastructure.

Gartner further predicts that by 2025, 60% of organisations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements, and 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member. These predictions show that compliance is increasingly front and centre for C-suite executives in the management of businesses.

The fact is that organisations must assume bad actors will inevitably get in, and they must do everything to minimise their attack surface and protect business-critical data from being damaged or destroyed.

A successful zero trust strategy

Companies need to be vigilant concerning data backup and recovery strategies. The concept of constantly verifying, continuously authenticating, and always logging who is going where and doing what should apply to regular operations and application usage. It should also apply to data backup and recovery processes. It is crucial to know who is initiating backups and to where they are backing up the data.

It's also essential to ensure that whatever applications you're using for backup and recovery, those applications have embedded authentication mechanisms such as multi-factor authentication, identity services and role-based access.

One example is a worker who needs to have data recovered from their laptop. What are the credentials that allow this employee to restore the machine? What permissions were granted, and do those permissions need to be changed to reflect a new set of requirements? If the IT team is restoring a laptop set up a year ago, who ensures no one else has access to that machine? Zero Trust in data backup and recovery goes a long way to resolving these questions while securing enterprise data further.

Immutable storage should also be part of any Zero Trust initiative. Immutability is when data is converted to a write-once, read many times format. Immutable storage safeguards data from malicious intent by continuously taking snapshots of that data every 90 seconds. Because the object store is immutable, you can quickly restore data even if someone tampers with it.

As data breaches grow in volume and complexity, businesses must consider creative approaches to strengthen their protection against cyber threats. Still, it must be built around a Zero Trust security model – without it, breaches are guaranteed.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Enhanced cellular connectivity is critical for farm safety
Infrastructure Agriculture (Industry)
In South Africa, the safety of our rural communities, particularly on farms, is a pressing concern. Nearly 32% of South Africa’s 60 million people live in these areas, where security challenges are constantly in the spotlight.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Revolutionising networking technology for the future
Infrastructure IoT & Automation
[Sponsored] In the fast-evolving landscape of networking technology, RUCKUS Networks stands out as a trailblazer, offering innovative solutions that redefine connectivity experiences across various industries.

Edge could help transform South Africa’s healthcare
Axis Communications SA Infrastructure
Edge computing has emerged as a game-changing technology for many industries, and the healthcare sector is no exception. In particular, South Africa’s healthcare industry could significantly benefit from the potential of this technology.

Cloud platform for cyber resilience in the hybrid enterprise
The Commvault Cloud brings together data protection, security, intelligence, and recovery on one platform, offering AI capabilities to defeat cyber threats, and includes integration with Microsoft Azure OpenAI Service.

Rapid rise in DNS attacks drives demand for new approach
Infrastructure Risk Management & Resilience
As ransomware grows more sophisticated and DNS attacks become more frequent, businesses are increasingly trying to protect themselves by adopting innovative approaches and technologies to bolster the integrity and security of their backup systems.

Majority of South African companies concerned about cloud security
Information Security Infrastructure
Global and local businesses share a common concern when it comes to cloud security. 95% of global businesses and 89% of local businesses are concerned about the security of public clouds.

Consolidated cybersecurity management
Technews Publishing Editor's Choice Information Security Infrastructure
SMART Security Solutions spoke to Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro, to find out what makes Trend stand out from the crowd and also its latest market offerings.

Access to data centre secured
Suprema Access Control & Identity Management Infrastructure
GBM required a modern access control system to increase the security of its facilities in a productive environment without affecting the operation of the offices and the data centre, which are carried out 24/7/365.

Africa’s growth lies on shoulders of renewable energy
News & Events Infrastructure
The Africa Tech Festival from 13 to 16 November in Cape Town will unpack the challenges and discuss the pivotal role of sustainability & renewable energy in advancing technological development in Africa.