Use zero-trust data management to better protect backups
Backup admins looking to protect data from bad actors can implement a zero-trust strategy for added protection. However, the method is not without its downsides.
When it comes to data backups, "trust, but verify" won't always cut it. The famous proverb may be helpful in some areas, but data protection pros know that trust isn't easily given.
A zero-trust data management strategy requires an organization to authenticate, authorize and frequently validate all members before granting them access to applications or data. This strategy applies to members both inside and outside of the company firewall and is an appealing option for organizations concerned about protecting data backups.
Organizations often implement rigid policies like zero-trust data protection in response to two common issues: human error and cyber attacks. Complete, secure backups are required for a full recovery after data loss, so a heavy-handed protection policy is often justified.
Trust nothing, verify everything
"The principle is to never assume any access request is trustworthy. Never trust, always verify," said Johnny Yu, a research manager at IDC. "Applying [that principle] to data management would mean treating every request to migrate, delete or overwrite data as untrustworthy by default. Applying zero-trust in data management means having practices or technology in place that verify these requests are genuine and authorized before carrying out the request."
Data backup software can potentially be accessed by bad actors looking to delete backup data or alter data retention settings. Zero-trust practices use multifactor authentication or role-based access control to help prevent stolen admin credentials or rogue employees from exploiting data backup software.
"Zero-trust strategies remove the implicit trust assumptions of castle-and-moat architectures -- meaning that anyone inside the moat is trusted," said Jack Poller, a senior analyst at Enterprise Strategy Group. "Instead, the approach is to trust nothing, verify everything and apply the principle of least privilege access -- provide only the access necessary for the user or application to do their job. No more, no less."
What zero-trust data management looks like
The end goal of a zero-trust data management system for backup and recovery is to ensure the integrity of the process by preventing intrusions, ensuring data security, detecting anomalous activity, and complying with internal and external policies and regulations.
"Applying zero-trust principles means ensuring that the backup system is granted privileges only for the duration of the backup or recovery, or just in time, and cannot access systems or the backup data storage environment outside of the backup or recovery process," said Poller. "Each transaction is explicitly and continuously authenticated and authorized. And access to the backup data is restricted to the backup system, with no or very limited access for users."
In order to determine trust, the user needs to be authenticated using strong phishing resistant methods. Typically, this means either strong, phishing resistant multifactor authentication (MFA) or password-less authentication, such as FIDO2, biometric data or security keys. Some forms of MFA, such as SMS-based authentication, are more susceptible to phishing than others.
Organizations looking to reduce risk and bolster their ransomware defense will want to apply zero-trust practices to their data protection strategies, Yu said. Some data protection vendors already offer the technology to support this in their products, including Dell, Microsoft and Rubrik.
Still, there are disadvantages to a zero-trust data management strategy.
"The downsides are that zero-trust data management is in its infancy, and early implementations may be more complex," Poller said. "Integrating with the organization's identity management infrastructure for identity security, which provides strong authentication and authorization, may impact deployment."
If a zero-trust tool has its own identity infrastructure, that may result in multiple silos and identity sprawl, Poller said. "This can affect deployment schedules, impact other tools and generally introduce additional complexity into an already complex environment."