Why Data Backup and Recovery is the Key to Mastering Zero Trust

Zero trust is now a widely adopted practice across the enterprise, but Veeam’s Dave Russell predicts that threats posed by emerging technologies such as AI will drive a greater push for standardized, all-encompassing zero-trust frameworks. 

Zero trust has gained significant traction in the information security industry and is widely adopted by enterprises worldwide, with the UK and the US leading the charge. According to the Forrester report, organizations across the Asia Pacific (APAC) are quick to follow, with seven of ten businesses planning to adopt zero trust this year.

In 2024, we will see increased scrutiny on organizations to ensure zero trust is adopted beyond a “tick-box” approach. Specifically, there will be a greater push for standardized, all-encompassing, zero-trust frameworks that provide resilience against threats posed by emerging technologies such as AI. The ability to backup data and restore it efficiently following an attack will be critical to cyber resiliency. 

Assume Compromise and Plan for Failure

Veeam’s 2024 Data Protection ReportOpens a new window revealed that 80 percent of organizations in the Asia Pacific and Japan (APJ) experienced at least one ransomware attack in the past year, with a quarter attacked four or more times. This shows that ransomware attacks continue to be a when rather than an if, and businesses must plan for compromise. More shockingly, nearly all (94%) businesses acknowledge an availability gap, meaning their IT systems do not meet expectations when recovering after an interruption.

When businesses are unprepared, they put themselves at risk of business disruption and damaged brand reputation. Often, businesses find themselves in a reactive state following a cyberattack, where they have no clear recovery plan and can only respond to the incident on the spot. Therefore, attack assessment, containment, and recovery are delayed, and business continuity suffers.

As more businesses understand the benefits of zero trust, many refer to existing frameworks to guide how they apply it in the industry and better prepare themselves for an attack. However, not all are created equal.

Adopting a Resilient Zero-trust Framework

While businesses can leverage several zero-trust models, most do not include two crucial elements of cyber resiliency: data backup and recovery systems. This gap leaves businesses prone to extended downtime following a cyber incident. These businesses also often become the primary target for ransomware and data exfiltration attacks.

To stress the importance of data resiliency, Veeam has extended the standard CISA Zero Trust Maturity Model to encompass data backup, backup system resiliency, and backup management to ensure efficient data recovery. These extensions can then be progressed across four maturity tiers: Traditional, Initial, Advanced, and Optimal. The Zero Trust Data Resiliency (ZTDR) model provides a clear and practical roadmap for organizations looking to start their journey towards zero trust or incorporate backup and recovery systems into their zero-trust initiative. 

See More: Why Enterprises Need Zero Trust Security

Zero Trust Data Resiliency as a Critical Entry Point

With the many components required in a zero-trust framework, a critical barrier to implementation is the high volume of tasks – from system upgrades and team training to establishing new ways of working. 

The secret weapon to getting zero trust right is mastering zero trust resiliency in backup and recovery as a priority. Robust data backup and recovery systems ensure all important information is backed up securely and can be restored efficiently when needed. This serves as a safety net while security and IT teams take the necessary steps to implement zero-trust across other systems and educate employees to ensure everyone is playing a part in defending against cyberattacks. 

Schneider Electric’s response to its recent ransomware attackOpens a new window shows how a solid recovery plan can minimize business disruption and reputational impact. Shortly following the incident, which affected a number of systems, Schneider Electric activated a robust response strategy involving recovery, containment, impact assessment, and forensic analysis. The business quickly assessed the attack, contacted affected customers, and reassured the public that access to business platforms would be restored efficiently. 

The widespread adoption of zero trust worldwide marks a significant shift towards a more proactive approach to emerging threats. With the continued surge of ransomware attacks and the complexity of emerging technologies, we will see stronger demand for zero-trust frameworks that help businesses prepare for the inevitable cyberattack. Frameworks such as the ZTDR model incorporating data resiliency will become the benchmark for an all-encompassing approach to zero trust, with those that fail to follow putting themselves at risk of significant business disruption.

How can businesses efficiently adopt the zero trust data resilience (ZTDR) model to manage their data backup and recovery processes? Let us know on FacebookOpens a new window , XOpens a new window , and LinkedInOpens a new window . We’d love to hear from you!

Image Source: Shutterstock

MORE ON ZERO TRUST

• Rethinking Network Security: Three Steps to Zero Trust
• What Is the Relationship Between Zero Trust and SASE?
• Zero Trust Security Is the New Norm, But Making It Work 
• How To Upgrade Your VPN with Zero Trust