Zero Trust: Data Security Insurance

Web hackers are clearly masters of the field of ransomware. They are ready to do anything to hostage the key data of many organizations in exchange for a handsome ransom. Last year alone, or in France alone, the cybermalveillance.gouv.fr portal recorded more than 1,700 requests for assistance in attacks related to ransomware. According to a recent IDC study, more than one-third of organizations around the world were hit by ransomware attacks in 2021, with an average ransom payment of about $ 250,000, and many studies impacted 2022. I agree with the number of companies that receive all the stripes. Ransomware attacks are expected to reach new heights. Obviously, the number of ransomware attacks has only increased in the last few years and will continue to increase. Starting with the maxim that prevention is better than cure, it is wise to think that modern enterprises need to make sure their data is secure in order to combat the tragedy of cybercrime. It sounds easy on paper, but how do you actually get there? How can I best protect myself? What solutions would help along this path?


The first step is to adopt a security strategy where the data is not only the last line of defense, but also the first line of defense. This dual approach allows you to protect your data. Simply put, this is what we call data assurance. This approach consists, for example, of understanding and correcting errors throughout the communication process between the host and the storage array. This process improves the data integrity of the storage system by allowing the array itself to check for errors and adding an error check code to the block of data to determine which errors are being transferred. If corrupted data is identified, it will be fixed before reaching the next destination.

For this approach to be effective, organizations must adopt a zero-trust architecture that assumes that all users, devices, and applications are unreliable and potentially compromised. The zero trust security model describes a fine-grained approach to protecting data that maintains control over all data in the design and implementation of IT systems. In other words, it checks everything and doesn’t trust anything. With zero trust, permissions are severely restricted and data can only be accessed via multi-factor authentication, eliminating the possibility of someone or something maliciously affecting the data.

Architectures designed around zero trust policies should use immutable backups to further secure data. Immutable backups cannot be intentionally or unintentionally modified, deleted, or tampered with. Also, attempts to read the data are subject to authentication. Therefore, it guarantees clean, unchanging data to recover in the event of a sudden attack.

In addition to requiring certificate-based mutual authentication for secure communication as part of the zero trust cluster design, immutability relies on file system distribution and API authentication. Strict control over which applications can exchange information, how data is processed, and how data is placed on physical and logical devices, requiring authentication on all media increase. Therefore, security teams can be confident in the level of data protection.

The final piece of the data assurance puzzle is the deployment of a modern backup solution that can implement the various topics mentioned above. Traditional solutions were not designed with this in mind and do not provide the visibility and governance features needed to effectively monitor the data flowing through an organization. This approach gives enterprises an accurate picture of where the data is and complete control over the data. Security teams can be confident that they are stored immutably and can confidently leverage that data to initiate post-ransomware recovery operations.