Despite the fact that it is a decades-old exploit, phishing remains a top threat to organisations today. Bad actors looking to steal personal information and credentials will use phishing scams because they are simple and effective, and once they have access, they can exfiltrate data and spread ransomware. Stolen credentials give bad actors authorised access to networks, and once they are inside, they can inject malware and wreak havoc. The traditional ways of securing networks, like firewalls and VPNs, are no longer enough, and securing the perimeter is challenging in a remote working, borderless world. Zero trust has become critical to not only ensure authorised access only, but to continually validate access to prevent bad actors with stolen credentials from infiltrating networks and deploying ransomware attacks.
Are they who they say they are?
A ransomware attack is often not the first port of call for bad actors, and it can be seen as a symptom of a bigger problem. Typically, what happens is that threat actors will gain access to a network, and then begin to infiltrate other areas of the organisation. Only once widespread access has been gained will a ransomware attack be deployed. If they gain access using stolen credentials, it may take a long time to identify the attack, by which time a significant amount of damage may already have been caused.
Think of your network as a house, and a bad actor as a contractor, like a plumber. When we need a plumber, we will verify their identity before we let them in the house. But once they have access to the house, unless we are aware of where they are and what they are doing, they may be doing damage such as stealing valuables. This is similar to a network. Just because someone has the credentials to access it, does not mean they should simply be allowed in. It is essential to keep validating and monitoring the access, and to ensure that the person accessing the network is who they say they are – this is the basis of zero trust.
Multiple layers make for stronger security
In order to ensure effective security and zero trust, multiple layers need to be addressed, including user access, the architecture itself, the network and the data. Multi-factor authentication is essential for advanced login security, and on top of this, privileged access management ensures that credentials are secured and data cannot be accessed illegitimately. Least privileged access and role-based authentication with additional authorisation controls help to limit access to data. The key is to implement authentication, authorisation and then audit to continuously ensure access is restricted to people with legitimate permission.
The architecture itself also needs to be addressed, for example, by validating binaries to ensure they are coming from the application they say they are. It is also advisable to implement CIS controls to limit exposure, reduce the threat landscape and make it difficult for threats that have gained access to spread using known vulnerabilities and exploits. Addressing the architecture layer strengthens the foundation.
The data element
Zero trust is the principle of architecting a secure solution to protect networks, but data requires additional considerations. Segmentation needs to be implemented to reduce access to data and the network topology must be controlled to protect backup data. It is also essential to have multiple copies of data, and an immutable copy of data that cannot be altered or infected, with air-gapping to ensure better protection. Finally, it is important to include monitoring and alerting to ensure that should incidents happen, they can be identified quickly before they can cause issues.
Zero trust is the basis of effective data protection in a borderless, remote working world, by ensuring you continuously gate and validate trust throughout data protection and access processes. To achieve this, you need a layered architecture, as well as effective application, network and authentication controls. Above all, whatever zero trust technologies and protocols are in place, your backup and protection solution needs to be complementary to this.
Share
Commvault
Commvault (NASDAQ: CVLT) liberates business and IT professionals to do amazing things with their data by ensuring the fundamental integrity of their business. Its industry-leading Intelligent Data Services Platform empowers these professionals to store, protect, optimize, and use their data, wherever it lives. Delivering the ultimate in simplicity and flexibility to customers, its Intelligent Data Services Platform is available as software subscription, an integrated appliance, partner-managed, and software as a service—a critical differentiator in the market. For 25 years, more than 100,000 organizations have relied on Commvault, and today, Metallic is accelerating customer adoption to modernize their environments as they look to SaaS for the future. Driven by its values—Connect, Inspire, Care, and Deliver—Commvault employs more than 2,700 highly-skilled individuals around the world. Visit Commvault.com or follow us at @Commvault.