Page 81 - Cyber Defense eMagazine March 2024
P. 81
could make changes to the databases and so on — all with a single login. The idea behind zero trust is
to challenge that single set of user credentials to a resource by requiring a second or multiple types of
authentication. Hence the terms two-factor authentication (2FA) and multifactor authentication (MFA).
This often involves an email or text to a known ID containing an authentication code to further validate
the authentication request. In doing so, zero trust helps to stop ransomware attackers and programmatic
attacks from moving around production networks and accessing different zones of an IT infrastructure.
With the zero-trust approach, a user attempting to access a resource is never trusted by default, even if
they are already part of the corporate network. Access is granted only after successful validation using
two or more methods of verification. In that sense, zero trust makes data protection a lot stronger than in
the old days.
But zero trust isn’t foolproof, as we saw recently with the attack on the MGM in Las Vegas. Hackers
reportedly tricked MGM’s help desk into providing an employee’s credentials, bypassing the protection
zero trust was designed for. Hackers are devising multilayered hacks, so they're ready for 2FA and know
how to get around it.
There’s no question that zero-trust security is worthwhile. But it still implies granting access. That’s the
whole point. And as proven by the MGM attack, when there's access, there can be damage. That’s
especially scary when it comes to the backup environment.
Zero Access®: a better way
But what if there was no access to the backup infrastructure at all? That’s the idea behind the Zero Access
security model.
Zero Access means just that: With this unique architecture, logins and access for normal operational
management of the data protection infrastructure are eliminated. This removes the need for even zero-
trust-level access to backup infrastructure components, including the backup server, the operating
system, the backup server software, the backup catalog, backup storage, and the backup network. Users
don’t even have logins for those components. Instead, the only thing that can get in is a hermetically
sealed automation engine. Removing direct operational accessibility to these resources eliminates
vulnerabilities to cyber attacks on the backup landscape.
Zero Access doesn’t mean giving up control of your data.
With a Zero Access backup architecture, everything you use to run your business — servers, domains,
devices, applications, etc. — remains completely within your control, and you continue to maintain access
and logins to all of those resources. You also set your own backup policies — when and what to back
up, how long to keep the backups, etc. — and control access to the backup GUI, where those policies
are configured. The solution collects the backup data from the servers and applications it’s protecting
and puts it into vaulted storage within your company’s security domain. And because there’s no access
to any hardware or software component of the backup environment, all backup data ingested into a Zero
Cyber Defense eMagazine – March 2024 Edition 81
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.