end-point
ANALYSIS
HOW ZERO TRUST HAS EVOLVED WITH THE TIMES
Dave Russell , Vice President , Enterprise Strategy at Veeam , tells us how the idea of Zero Trust has had to evolve with the times .
Around 18 months ago , I was writing about the ‘ endless journey ’ to Zero Trust . I used the word ‘ endless ’ because Zero Trust is a mindset rather than a product or a destination – it ’ s a target to aim towards . Like many things in cyber , it ’ s a matter of constant evolution . You have to adapt to survive and thrive in your environment . Even the idea of Zero Trust has had to evolve with the times .
Changing with the times
A cat and mouse game , an arms race – call it what you want – security has always been about adapting and evolving to stay ahead of threats . Bad actors constantly experiment and move the needle to get ahead of their targets . This is exactly what has driven so much innovation across the industry since the first-ever cyberattack took place . It almost goes without saying that the security tools considered the benchmark when I started my career 35 years ago would be a paper shield against a modern cyber gang . It ’ s not just the tools that have had to evolve , but also the mindset – how we think about security and use the tools at our disposal has had to change .
Zero Trust is a prime example of this . Once , security was just around the perimeter , it was a moat around the castle , but once you were in , you were in . As more and more enterprises worldwide have adopted Zero Trust as best practice , this has shifted . Security measures now need to be inside and outside – doors are locked , proof of identity is required , and people aren ’ t allowed access to parts of the castle if they don ’ t need to be there .
But the thing about evolution is that it never really stops .
Introducing Zero Trust Data Resilience
Even the most broadly used Zero Trust models have a few fatal flaws in the modern environment . Namely , they lack any kind of guidance in pivotal areas like data backup and recovery . This gap is significant as recent attacks often attempt to target backup repositories . For example , according to the Veeam Ransomware Trends 2023 Report , ransomware attacks targeted backup repositories in at least 93 % of attacks in 2022 .
Data backup and recovery systems are critical parts of enterprise IT and must be considered as part of the security picture . They have read access to everything , they can write data into the production environment and contain full copies of the business ’ s mission-critical data . Simply put , following modern Zero Trust principles to the letter makes you fairly water-tight when it comes to ‘ traditional ’ security , but leaves a huge gap in the armour regarding backup and recovery .
72 WWW . INTELLIGENTCISO . COM