Zero Trust in storage: Protecting the bulwark
Seventy-three percent - that's the percentage of organizations that have been affected by at least two ransomware attacks in the past year, according to the Veeam Ransomware Trends Report 2022. In most cases, the criminals' path into the corporate network leads through the weakest element of the digital defense: humans. Phishing remains the means of choice for hackers and data thieves to gain unauthorized access - as confirmed by the latest Verizon Data Breach Report. While backups are often able to act as a last bulwark against extortionists, the right credentials can crack even this bastion. As a result, companies must become increasingly aware that their own employees also pose an unwanted threat. The best way to manage this risk is through Zero Trust.
Focus on processes instead of hardware
Zero Trust is not a standalone product, but a paradigm that is woven into the corporate culture. IT administrators must weigh which employees should have access to which content, applications, networks and data. This goes double for storage, because: Backups are, in many situations, the lifeline that can keep companies running. However, if this anchor is damaged, downtime increases rapidly and recovery is made nearly impossible. Therefore, roles and rights related to storage must be assigned with appropriate caution. Only dedicated staff and storage administrators should have the ability to access backups. But what happens if a user account of these very administrators falls into the wrong hands?
Immutability as a key tool
The only way to permanently protect backups from the wrong hands is immutability. In the area of storage, this means storing backups in an immutable, read-only manner, so to speak. This prevents all data and backups from being encrypted even in the event of infiltration by ransomware groups, for example. The options for setting up an immutable backup range from air-gapped solutions to the AWS S3 Object Lock - arguments for the different variants can be found quickly. However, it is important that they are implemented as a fixed part of the backup strategy. This guarantees that the reassurance provided by backups remains intact throughout if access falls into the wrong hands, and data can always be restored in the event of an emergency.
Zero Trust in modern data protection is a process
Implementing Zero Trust in storage is a process that takes time and then needs to be looked at regularly to ensure continuous security. Phishing will certainly continue to be one of the biggest threats to organizations and their data, as the employee will remain the biggest risk to the defense. However, if roles and privileges have been assigned according to the zero-trust paradigm, then you minimize that risk as much as at all possible. This keeps backups the bulwark against ransomware that they are supposed to be.
-- Contact us at [email protected]
-
Equip young people for the future Dr. Winnie Tang
In late February, the inaugural flight of an air taxi from Shenzhen Shekou Cruise Homeport to Zhuhai Jiuzhou Port took only 20 minutes with an estimated one-way ticket price of 200 to 300 yuan per
-
Are we raising a generation of leaders, or of followers? Brian YS Wong
The essence of education is defined not by the facts it imparts, but the potential knowledge it inspires students to individually pursue on their own. Put it this way – the ideal form of education
-
The urgent need for reforms to sex education in Hong Kong Sharon Chau
Nearly one in every four university students (23%) in Hong Kong has been sexually harassed, according to a 2019 report published by the Equal Opportunities Commission (EOC). A 2019 study found that
-
STEAM should be linked to real life Dr. Winnie Tang
In the 2017 Policy Address, STEM (science, technology, engineering and mathematics) education was proposed as one of the eight major directions to promote I&T development. Since then, funding has
-
Let trees speak for themselves Dr. Winnie Tang
I often say that smart cities start with smart planning, but smart planning presupposes adequate, systematic and up-to-date data. This is important not only for city administration, but also for tree