Why Your Zero Trust Security Strategy Needs to Include Data Backup and Disaster Recovery

The security maxim has been “Trust but verify” for a long time. Unfortunately, that doesn’t work anymore. In today’s borderless, global, mobile, hybrid, cloud-based environment, traditional security approaches aren’t enough, and nobody is to be trusted, including employees, customers, and partners.

The idea that you can build a protective moat around your enterprise—where interactions inside the castle are trusted, and all interactions outside the castle are not—is hopelessly outdated. Now there’s a better way. Zero trust replaces outdated security strategies because it demands that organizations entirely remove trust from the equation by denying access to everyone. And IT pros are clearly seeing the approach's benefits, with the global zero trust market projected to reach $52 billion by 2026.

Zero Trust: Authenticate and Authorize Every Connection

Zero trust is all about evaluating the security posture of users based on location, device, and behavior to determine if the users are who they claim to be. Zero trust is also about granting just enough privilege, just in time, so that users can perform their needed tasks and operations—and nothing more.

With zero trust, only minimum permissions are granted at just the right time to get a job done. Those permissions are then revoked immediately upon completion of the job or transaction. A zero trust security approach authenticates and authorizes every connection. One example is when a user connects an application or software to a data set via an application programming interface (API).

The U.S. government recently announced that it is moving toward a zero trust approach to cybersecurity to dramatically reduce the risk of cyberattacks against the nation’s digital infrastructure. To that end, the Cybersecurity and Infrastructure Security Agency (CISA) offers its zero trust maturity model and recently published Applying Zero Trust Principles to Enterprise Mobility to help you put these protections in place.

The bottom line is that today’s security is not secure. You must assume bad actors will inevitably get in. So you need to do everything you can to minimize your attack surface and protect your business-critical data from being damaged or destroyed.

Zero Trust in Data Backup and Disaster Recovery

You also need to be exceptionally vigilant about your data backup and recovery strategies within your zero trust strategy. The concept of constantly verifying, continuously authenticating, and always logging who is going where and doing what should apply to regular operations and application usage. It should also apply to your data backup and recovery processes—it’s critical that you know who is initiating that backup and where they are backing up the data.

It’s also essential to ensure that, regardless of the applications you’re using for your backup and recovery, you have embedded authentication mechanisms like multifactor authentication (MFA), identity access management (IAM), and role-based access controls (RBAC). Say a worker needs to have data recovered from a laptop. What are the credentials that allow this employee to restore the machine? What permissions were granted, and do those permissions need to be changed to reflect a new set of requirements? If your IT team is restoring a laptop set up a year ago, who ensures no one else has access to that machine? A zero trust approach to data backup and recovery can go a long way toward resolving these questions while further securing your organization’s data.

The good news is that adopting zero trust for backup and recovery can simply mean extending the security controls you already use within your environment. For example, applying MFA to your backup and recovery processes can go a long way toward ensuring users are whom they say they are, adding stronger protections to your organization.

Immutable storage should also be part of your zero trust initiative. Immutability is when data is converted to a write-once, read many times format. This technology safeguards data from malicious intent by continuously taking snapshots of that data every 90 seconds. Because the object store is immutable, you can quickly restore data even if someone tampers with it.

As data breaches grow in volume and complexity, you need to consider novel approaches to strengthen your protection against cyber threats. Zero trust is not a specific technology or architecture. Instead, it’s a new way of thinking that can help you achieve robust threat protection and gain next-level security.

Learn More About Zero Trust

To get help putting your zero trust security strategy in place, find an expert Arcserve technology partner. You can also check out our no-obligation free trial offers or contact us for product details.