Zero Trust in storage: Protecting the bulwark

Seventy-three percent - that's the percentage of organizations that have been affected by at least two ransomware attacks in the past year, according to the Veeam Ransomware Trends Report 2022. In most cases, the criminals' path into the corporate network leads through the weakest element of the digital defense: humans. Phishing remains the means of choice for hackers and data thieves to gain unauthorized access - as confirmed by the latest Verizon Data Breach Report. While backups are often able to act as a last bulwark against extortionists, the right credentials can crack even this bastion. As a result, companies must become increasingly aware that their own employees also pose an unwanted threat. The best way to manage this risk is through Zero Trust.
Focus on processes instead of hardware
Zero Trust is not a standalone product, but a paradigm that is woven into the corporate culture. IT administrators must weigh which employees should have access to which content, applications, networks and data. This goes double for storage, because: Backups are, in many situations, the lifeline that can keep companies running. However, if this anchor is damaged, downtime increases rapidly and recovery is made nearly impossible. Therefore, roles and rights related to storage must be assigned with appropriate caution. Only dedicated staff and storage administrators should have the ability to access backups. But what happens if a user account of these very administrators falls into the wrong hands?
Immutability as a key tool
The only way to permanently protect backups from the wrong hands is immutability. In the area of storage, this means storing backups in an immutable, read-only manner, so to speak. This prevents all data and backups from being encrypted even in the event of infiltration by ransomware groups, for example. The options for setting up an immutable backup range from air-gapped solutions to the AWS S3 Object Lock - arguments for the different variants can be found quickly. However, it is important that they are implemented as a fixed part of the backup strategy. This guarantees that the reassurance provided by backups remains intact throughout if access falls into the wrong hands, and data can always be restored in the event of an emergency.
Zero Trust in modern data protection is a process
Implementing Zero Trust in storage is a process that takes time and then needs to be looked at regularly to ensure continuous security. Phishing will certainly continue to be one of the biggest threats to organizations and their data, as the employee will remain the biggest risk to the defense. However, if roles and privileges have been assigned according to the zero-trust paradigm, then you minimize that risk as much as at all possible. This keeps backups the bulwark against ransomware that they are supposed to be.
-- Contact us at [email protected]
-
Is 2023 a year of expensive travel? Ben Kwok
How much are you willing to pay for your first trip in three years? Well, depending on who and when, it could be quite costly for Hong Kong travellers. Travellers who want to go outside Hong Kong
-
Environmental performance of old buildings needs to be improved Dr. Winnie Tang
At least 500 new buildings are constructed in Hong Kong every year which generates substantial carbon emissions. The construction industry must urgently look for more environmentally friendly
-
Emissions reduction a top priority for the construction industry Dr. Winnie Tang
The extreme weather around the world recently has forced us to think seriously about the big issue of global warming. Buildings currently account for nearly 40% of energy-related carbon emissions
-
Attorneys-General and ignorance Neville Sarony
Two recent outings by ex-Attorneys-General, one in the UK and the other in Hong Kong, in which they both demonstrated staggering ignorance of the law prompted me to consider the shortcomings of
-
Can the youth speak? Brian YS Wong
A specter haunts the way we think about the youth in our city. The specter is a fundamental failure to take their agency seriously. The most obvious means by which this failure manifests, of course,