Page 123 - Cyber Defense eMagazine RSAC Special Edition 2025

Because of these weaknesses, it’s crucial to implement additional security measures tailored to the
unique challenges of backup environments.



Enter the Zero-Access Model

Zero access is an advanced security approach for backup environments that surpasses traditional
zero-trust methods. It prioritizes automation over access, significantly reducing the risk of human
error and malicious intent in data breaches.



Key Features of Zero Access:

1. Automation-centric design: Zero access emphasizes automation as the cornerstone of its security
strategy. By eliminating unnecessary human interaction with backup components and operations, it
enhances security while improving system efficiency and effectiveness.

2. Comprehensive protection: This approach provides all-encompassing security for the entire backup
infrastructure, safeguarding all components — including servers, software, databases, and storage
systems — by removing access points for operational activities. In this way, zero access fills security
gaps left by traditional zero-trust approaches.

3. Elimination of manual management: Zero access revolutionizes backup management by removing
traditional login capabilities, preventing account takeovers and unauthorized access. It replaces manual
management with automated systems, ensuring consistent and secure operations.

Zero access incorporates a specialized management interface that gives administrators visibility and
control over the backup environment without direct access to the infrastructure. It implements robust
zero-trust mechanisms, including multifactor authentication, to ensure only authorized personnel can
interact with the system.

If there’s ever a legitimate reason to delete a full backup, like when decommissioning a system, the
zero-access approach would follow defensible data deletion protocols that require auditable, multifactor
approval for any data removal, thereby preventing administrators from unilaterally deleting data. And in
rare instances when an admin would need to access backup devices in a true emergency, it would require
multiphase security approval from both company admins and the service provider. These stringent
processes ensure that even in emergencies, security remains intact.
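
A sketch of the approval logic described above, as an added example that is not from the article or any vendor's product: a deletion is authorized only when distinct, MFA-verified approvers other than the requester sign off, and every decision lands in a tamper-evident log. The class name, the role names, the rule of one approver per role (borrowed from the emergency-access description), and the hash-chained log format are all assumptions.

```python
import hashlib
import json

class DeletionGate:
    """Hypothetical approval gate: no single administrator can delete a backup."""

    def __init__(self, required_roles=("company_admin", "service_provider")):
        self.required_roles = set(required_roles)  # assumed policy: one approver per role
        self.audit = []                            # hash-chained, append-only log

    def _log(self, event):
        # Each entry commits to the previous entry's hash.
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.audit.append({"event": event, "prev": prev, "hash": digest})

    def authorize(self, backup_id, requester, approvals):
        """approvals: list of dicts with keys user, role, mfa_verified."""
        seen_users, roles_ok = set(), set()
        for a in approvals:
            if a["user"] == requester:
                reason = "self-approval"
            elif a["user"] in seen_users:
                reason = "duplicate approver"
            elif not a["mfa_verified"]:
                reason = "approver without MFA"
            else:
                reason = None
                roles_ok.add(a["role"])
            seen_users.add(a["user"])
            self._log({"backup": backup_id, "approver": a["user"],
                       "role": a["role"], "rejected": reason})
        allowed = self.required_roles <= roles_ok
        self._log({"backup": backup_id, "requester": requester, "allowed": allowed})
        return allowed

    def audit_intact(self):
        """Recompute the chain; an edited entry, or one removed mid-chain, breaks it."""
        prev = "0" * 64
        for entry in self.audit:
            body = json.dumps(entry["event"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True
```

The chain does not detect truncation of the newest entries, so the latest hash would need to be anchored somewhere the administrators cannot write.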











