Survive and Thrive
Data Protection is facing increasing pressures. Going forward, I predict an unprecedented number of attacks and breakdowns of the security perimeters around us. There will be no safe cozy home for your infrastructure and backed up data. Survivability will depend on an organization’s and people’s ability to adapt.
In such an incredibly hostile climate and environment one might ask, how can I function? How can I protect my backups and infrastructure when surrounded by adversaries on all sides?
Being in Berlin last week for the Veeam 100 Summit reminded me of a different era. While that was a different time and the challenges were perhaps simpler and easier to define, there were nevertheless environments during that time similar to what we are facing and will be facing in the near future.
THE RANSOMWARE IRON CURTAIN
Everyone who had to work or operate on the other side of the Iron Curtain knew what Zero Trust meant without ever having heard the term spoken. In fact, Veeam’s new Zero Trust Data Resilience (ZTDR), with Zero Trust itself at its base, is not really something that new.
As a reminder, Veeam extended the meaning of Zero Trust to Data Protection. Veeam did what people from another generation did automatically when living and working in Berlin. They accepted the fact that their environments were undoubtedly breached and assumed that everything and everyone around was compromised.
The key element was to protect, with utter immutability, to use the parlance of our time, the things that were most important and key to survival. This could be done in various ways. To name just a few, with an IT security nuance: creating honey pots (the opposition only has so many resources, so they waste time going down the wrong path), constant monitoring and awareness, testing environments for signs of lost integrity, and having no trust in anything or anyone around you. Sound familiar?
Test your Setups
Put yourself in the shoes of the opposition and see if you can compromise or get hold of the information or assets that you are trying to protect. Practice what you would do and what actions you would need to take if anything of value was compromised, and how you would recover. Make certain that you have something to recover, be it documents or even knowledge that you might have to give up. Have a plan and practice it repeatedly. Adapt the plan for changing conditions and new threats.
You are surrounded
Most importantly, have zero trust in people. In order to protect, you need to push this to the point where you assume breach coming from everyone: not only the bad guys on the other side of the wall but insiders as well, your colleagues, your boss, upper management. Ask what damage they can do if they have sold out to the bad guys or, for some other motivation, decide to turn aggressively on your environment.
When you think about it, if the bad guys were smart they would do better to compromise someone very high up in your organization with immense access rather than try to break through hardened firewalls or attempt a silly Hollywood Mission Impossible (hence the name) burglary into physical data centers.
It would be interesting to know if there are any statistics on Upper Management insider attacks in our present day situation. Or is it assumed that once a person passes a certain pay grade or a certain level of position in the food chain, they are automatically vetted and cleared simply because they are a Manager or the CTO or CEO?
Woe to the business or organization that makes those types of assumptions.
Live Zero Trust from now on!
Zero Trust is not a networking-only or IT-security-only philosophy that has been stretched to cover Data Protection.
Zero Trust is a way of life and an effective means to survive and prosper in extremely harsh and hostile environments.
As for the movie with a similar name to my title above, well it is set partially in Berlin and I highly recommend it. Richard Burton’s face should be the Zero Trust Icon :)