Article written by Tom Sightler, Vice President of Product Management, Veeam. 

Why Zero Trust?

The Zero Trust model grew from recognizing that creating fully secure perimeter networks is simply not possible, and therefore, security must evolve to be more explicit. This new model states that, rather than assuming that specific networks are secure, users should assume that all networks are insecure. This is called "assume breach." Effectively, this means that you should have "Zero Trust" that a connection coming from any network endpoint is a valid one without taking additional validation steps.

This validation can come in various methods and implementations, but should generally follow these core Zero Trust principles:

  • Least-privilege access: Access is restricted to what's essential at the right time and with just enough access. This prevents lateral movement and unauthorized access to other network parts.
  • Verify explicitly: Departing from traditional "trust but verify" methods, this principle focuses on always authenticating and authorizing by using available information like user identity, location, devices, workload, data, etc.
  • Assume breach: Operating under the assumption that breaches will happen, Zero Trust prioritizes detection, response, and rapid recovery to minimize the impact of security breaches and the subsequent blast radius.

What is Zero Trust Data Resilience?

Zero Trust has historically been applied to an organization's entire ecosystem except its backup environment. This is a problem since, as we know, it's now not a matter of if but when an organization will be impacted by cyberattacks like ransomware. Veeam's Zero Trust approach, Zero Trust Data Resilience (ZTDR), focuses on expanding Zero Trust principles to include an organization's backup environment. This philosophy is foundational to our approach to data protection and an organization's cyber resilience strategy.

The core principles of Zero Trust Data Resilience are key elements in protecting your data:

  • Separation of backup software and backup storage: Minimize attack surface and blast radius
  • Multiple resilience zones: 3-2-1 backup rule
  • Immutable and encrypted backup storage: Protect backup data from modification or deletion

Key Zero Trust Data Resilience Principles

Separate Backup Software and Backup Storage With Segmentation and Air Gapping

A key principle of ZTDR is ensuring that backup software and backup storage are separate. This separation ensures that a loss of the backup software does not also mean a loss of data for your entire organization. By placing backup management systems and backup repositories on different networks, a threat actor who gains access to one network has minimal access to the other, making it much harder to compromise all locations at one time.

Additionally, strong controls should be placed around accessing these segregated networks to ensure that only authorized users can access what they need when they need to. This helps reduce attack surfaces for all networks and their components.

Air-gapping provides an additional layer of protection by separating a backup data copy either logically or physically. Common ways to implement air-gapping include true physical isolation (such as rotated media or tape) or logical air-gapping techniques such as storage-level replication of immutable snapshots. This can also include automated methods for isolating network access to backup storage outside the backup window.

Segmentation and air-gapping are both critical components to helping your organization maintain availability for authorized users while reducing the risk to confidentiality and integrity by keeping the blast radius extremely limited should one part of the environment be compromised. However, it is key to note that relying purely on credentials or separate network paths should not be your only layer of protection.

Establishing Multiple Resilience Zones

Within the data protection industry, the 3-2-1 rule is one that reigns above all and serves as a critical foundation to any organization's data protection strategy. This rule focuses on maintaining multiple copies of your organization's data to ensure you can recover quickly and securely. Here's a breakdown:

  • 3: Maintain three copies of your data: This includes the original data and at least two copies.
  • 2: Use two different types of media for storage: Store your data on two distinct forms of media to enhance redundancy.
  • 1: Keep at least one copy off-site: To ensure data safety, have one backup copy stored in an off-site location, separate from your primary data and on-site backups.

By spreading your data across multiple resilience zones, you can prevent a full loss of your organization's data. Even if you were to lose one zone, that wouldn't mean losing everything.

Immutable and Encrypted Backup Storage

The final core principle of ZTDR is immutability and encryption. Backups are only good if you can restore them when needed, so the integrity of your data should be made a priority for your data protection and backup admins. Immutability means that once something has been written, it can no longer be altered or deleted. Specific to data protection, immutability means backups can only be deleted once a set retention period has expired, and are therefore safe from changes in the meantime, including accidental and intentional deletion. Immutability should be implemented across all resilience zones regardless of where data is stored, including primary backup, secondary backup, cloud, tape, etc.

Any repository that's critical in an incident response and recovery plan should implement immutability. It's important to note that destruction or malicious encryption of data also makes data unavailable, and immutability can help ensure the availability of your backup data as well.

Immutability and air gapping don't protect confidentiality, however. Fortunately, encryption addresses that: it makes data unreadable by anyone without the key, which locks cybercriminals out of backups. This greatly reduces the risk of data exfiltration, espionage, and reconnaissance. An important element of encryption for cybersecurity programs is the use of a centralized key management system (KMS). Utilizing a KMS to encrypt Veeam backups is a simple implementation task that allows the security team to manage and protect the keys that will allow users to decrypt backup data.

Encryption should be applied everywhere, since accessing any single copy is enough to cause a data leak. However, encryption doesn't prevent destruction or a further layer of encryption applied by an attacker, so it can't help to ensure integrity and availability. By implementing both immutability and encryption on top of an air-gapped implementation, customers can take a layered approach to achieving the CIA Triad.
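As an added illustration (not Veeam's code or product logic) of how the three ZTDR principles can be checked together, the following Python walks a constructed backup inventory and reports any gap against the 3-2-1 rule, immutability (a copy must still be inside its retention lock, so it cannot be deleted now) and encryption in every resilience zone. The inventory fields, names and dates are assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass(frozen=True)
class BackupCopy:
    """One copy of a backup, as recorded in a constructed inventory (assumed schema)."""
    name: str
    media: str                           # e.g. "disk", "object", "tape"
    offsite: bool
    immutable_until: Optional[datetime]  # None = no retention lock at all
    encrypted: bool


def delete_allowed(copy: BackupCopy, now: datetime) -> bool:
    """An immutable copy may only be deleted once its retention period has expired."""
    return copy.immutable_until is None or now >= copy.immutable_until


def ztdr_findings(copies: List[BackupCopy], now: datetime) -> List[str]:
    """Return the gaps against the ZTDR principles; an empty list means compliant."""
    findings = []
    # 3-2-1 rule: three copies, on two media types, with at least one off-site
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies (need 3)")
    if len({c.media for c in copies}) < 2:
        findings.append("all copies on one media type (need 2)")
    if not any(c.offsite for c in copies):
        findings.append("no off-site copy")
    # Immutability and encryption apply to every resilience zone, not just the primary
    for c in copies:
        if delete_allowed(c, now):
            findings.append(f"{c.name}: deletable now (not immutable or lock expired)")
        if not c.encrypted:
            findings.append(f"{c.name}: not encrypted")
    return findings


NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed reference time
INVENTORY = [  # constructed sample inventory: the tape copy violates two principles
    BackupCopy("primary-disk", "disk", False, datetime(2024, 6, 15, tzinfo=timezone.utc), True),
    BackupCopy("object-copy", "object", True, datetime(2024, 6, 30, tzinfo=timezone.utc), True),
    BackupCopy("tape-copy", "tape", True, None, False),
]

if __name__ == "__main__":
    for finding in ztdr_findings(INVENTORY, NOW):
        print("finding:", finding)
```

Running the block as-is reports only the tape copy; rerunning it with a reference time past a copy's retention lock shows that copy becoming deletable, which is the gap a periodic check should surface before the lock lapses.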

Achieving Zero Trust Data Resilience With Veeam

Zero Trust is foundational to any organization's cyber resilience strategy. However, to have a stronger, more robust defense, it's critical that you extend these principles to an organization's backup system and environment. Without implementing Zero Trust Data Resilience, your security strategy is incomplete and puts the ability to recover and respond securely and quickly at risk. The Veeam Data Platform is architected around the principle of 'Data Security, Data Recovery, and Data Freedom.' The latest release is packed with new features that help reduce incident response time. With proactive threat hunting for your backups via SIEM, YARA, and NIST cybersecurity best practice integrations, Veeam Data Platform has your back and provides the confidence you need to take a stand against cyberattacks.
