Veeam® Software, a leader in Data Protection and Ransomware Recovery, has unveiled Zero Trust Data Resilience (ZTDR), a paradigm designed to help organizations mitigate the escalating risks associated with data security threats and bolster their overall resilience. ZTDR, a collaboration with Zero Trust expert Jason Garbis from Numberline Security, applies Zero Trust principles to backup and recovery, expanding upon the Cybersecurity & Infrastructure Security Agency (CISA) Zero Trust Maturity Model.
At the core of ZTDR is the concept of segregating backup management systems and their storage tiers into distinct resilience zones. This approach aims to reduce the attack surface and confine the impact radius of a security breach. Furthermore, ZTDR incorporates the concept of immutable backup storage, ensuring that data remains unalterable even in the face of a ransomware attack.
Effective security today depends on adopting a Zero Trust paradigm in place of increasingly ineffective perimeter-based security strategies. However, many existing Zero Trust frameworks neglect the security of data backup and recovery systems, even though backup data is frequently the primary target in both ransomware and data exfiltration attacks. The Veeam Data Protection Trends Report 2023 underscores this vulnerability, revealing that 93% of ransomware attacks are directed at backup repositories.
Jason Garbis, Founder at Numberline Security, emphasized that backup infrastructure is inherently susceptible because of its extensive attack surface, a consequence of its need for read and write access to production across diverse enterprise applications and data sources. To address this vulnerability, Numberline and Veeam propose practical tools within the Zero Trust Data Resilience framework, encompassing core principles, an architecture, and a maturity model, with the overarching goal of enabling organizations to fortify their security strategy by extending Zero Trust principles to backup and recovery.
The ZTDR principles, aligned with the CISA Zero Trust Maturity Model, encompass:
To facilitate the implementation of these principles, Numberline has devised a comprehensive ZTDR Maturity Model, accompanied by a ZTDR Reference Architecture. This architecture underscores key attributes such as segmentation, which entails the distinct separation of Backup Software and Backup Storage layers to establish resilience zones that minimize the attack surface and mitigate the impact in the event of an attack. Additionally, backup storage immutability is emphasized to ensure data integrity.
Danny Allan, CTO at Veeam, highlighted the alarming statistic that 75% of ransomware attacks on backups prove successful. He underscored the critical importance of data immutability and advocated for best practices like Zero Trust Data Resilience to enhance data security and minimize downtime. Veeam, in collaboration with storage partners, is actively working towards implementing an industry-leading Zero Trust model.