Why Zero Access Is a Better Way To Protect Your Backup Infrastructure
By Greg Tevis, Vice President of Strategy, Cobalt Iron
Backup has always been seen as the last line of defense in data security. After all, if your backups are safe, then you can recover from most forms of attack. That’s why as many as 93% of ransomware attacks these days may be going after backup data — to thwart that last line of defense. If attackers can get to the backup data, then they have the upper hand.
Right now, the zero-trust approach to data and resource security is all the rage. Every large backup vendor touts it. It’s almost a knee-jerk reaction to invoke zero trust as the way to prevent these attacks.
To understand why that is, it helps to first understand the logic behind zero trust.
Traditionally, each user of a computer resource (e.g., data, network, system, or database resource) would have a login, and if that login is verified once, then that user would be privileged to move around and conduct tasks anywhere inside the domain of that resource. For example, with access to Active Directory, they could change who and what gets access to your network assets. With access into Exchange, they could make changes to the databases and so on — all with a single login.
The idea behind zero trust is to challenge that single set of user credentials to a resource by requiring a second or multiple types of authentication. Hence the terms two-factor authentication (2FA) and multifactor authentication (MFA). This often involves an email or text to a known ID containing an authentication code to further validate the authentication request. In doing so, zero trust helps to stop ransomware attackers and programmatic attacks from moving around production networks and accessing different zones of an IT infrastructure. With the zero-trust approach, a user attempting to access a resource is never trusted by default, even if they are already part of the corporate network. Access is granted only after successful validation using two or more methods of verification. In that sense, zero trust makes data protection a lot stronger than in the old days.
But zero trust isn’t foolproof, as we saw recently with the attack on the MGM in Las Vegas. Hackers reportedly tricked MGM’s help desk into providing an employee’s credentials, bypassing the protection zero trust was designed for. Hackers are devising multilayered hacks, so they’re ready for 2FA and know how to get around it.
There’s no question that zero-trust security is worthwhile. But it still implies granting access. That’s the whole point. And as proven by the MGM attack, when there’s access, there can be damage. That’s especially scary when it comes to the backup environment.
Zero Access®: a better way
But what if there was no access to the backup infrastructure at all? That’s the idea behind the Zero Access security model.
Zero Access means just that: With this unique architecture, logins and access for normal operational management of the data protection infrastructure are eliminated. This removes the need for even zero-trust-level access to backup infrastructure components, including the backup server, the operating system, the backup server software, the backup catalog, backup storage, and the backup network. Users don’t even have logins for those components. Instead, the only thing that can get in is a hermetically sealed automation engine. Removing direct operational accessibility to these resources eliminates vulnerabilities to cyber attacks on the backup landscape.
Zero Access doesn’t mean giving up control of your data.
With a Zero Access backup architecture, everything you use to run your business — servers, domains, devices, applications, etc. — remains completely within your control, and you continue to maintain access and logins to all of those resources. You also set your own backup policies — when and what to back up, how long to keep the backups, etc. — and control access to the backup GUI, where those policies are configured. The solution collects the backup data from the servers and applications it’s protecting and puts it into vaulted storage within your company’s security domain. And because there’s no access to any hardware or software component of the backup environment, all backup data ingested into a Zero Access architecture is immutable. An automation engine manages the entire backup infrastructure, ensuring the components carry out their tasks according to policy.
What happens if I need to restore my data?
No business seems to be immune from cyber attacks. In a worst-case scenario, a ransomware attack could get into Active Directory, gain all usernames and passwords, and wipe out all production data. And yet the data in the backup environment would still be safe because it lives in a Zero Access infrastructure. There is no bridge from the compromised credentials into the Zero Access environment because there are no logins. The only access to that infrastructure comes from the backup provider’s automation engine, which manages components and executes tasks according to the policies you’ve set.
If hackers were to attack your business operations, you’d be able to restore a copy of your backup data thanks to Zero Access. Once you’ve started to rebuild the production system so that there’s somewhere to restore to, you can start to install restore tools onto those systems that will be able to recover the data. Then you’d simply log in to the backup GUI and follow the recovery procedure. And remember: You’re only restoring a copy of the data; there’s no way to compromise or destroy the original backup data, which remains safely locked away.
While the zero-trust approach sounds great, and it plays an important role in protecting the business environment, it is not the pinnacle of security that some backup vendors make it out to be … especially when it comes to precious backup data. You must protect your backup environment at all costs. The best way to keep bad actors out of your backup environment is to make sure there’s no access at all. And for that, Zero Access offers much higher security than zero trust. The best part is that Zero Access security protection for backup is available today.
About the Author
Greg Tevis, vice president of strategy at Cobalt Iron, has worked for 42 years in the storage and data protection market helping companies develop data protection and cybersecurity solutions. Tevis is recognized as an industry expert in storage technologies, particularly storage management. He has 42 U.S. patents, with several more pending. He can be reached on LinkedIn (linkedin.com/in/greg-tevis-10a5042). More information about Cobalt Iron is available at cobaltiron.com.
Zero Access® is a registered trademark of Cobalt Iron, Inc.