Veeam Software, a company specializing in Data Protection and Ransomware Recovery, announced today its latest initiative in cybersecurity: the Zero Trust Data Resilience (ZTDR) model.
This model, developed in partnership with Zero Trust expert Jason Garbis of Numberline Security, is designed to bolster organizational resilience against growing data security threats, according to the companies.
Introducing Zero Trust Data Resilience
The ZTDR model applies Zero Trust principles to backup and recovery, extending the Cybersecurity & Infrastructure Security Agency (CISA) Zero Trust Maturity Model, Veeam said in a prepared statement.
It focuses on segregating backup management systems and their storage tiers into separate resilience zones. This approach aims to minimize the attack surface and restrict the impact of potential breaches. Additionally, the model emphasizes immutable backup storage to safeguard data against modifications, even in ransomware attacks, Veeam said.
The Growing Necessity for Enhanced Data Security
Recent trends in cybersecurity underscore the importance of robust data protection measures. Veeam's Data Protection Trends Report 2023 revealed that 93% of ransomware attacks target backup repositories, highlighting the vulnerability of traditional security systems.
Core Principles of ZTDR
The ZTDR framework incorporates several key principles:
- Least Privilege Access
- Immutability
- System Resilience
- Proactive Validation
- Operational Simplicity
These principles are part of a comprehensive ZTDR Maturity Model developed by Numberline, which also includes a Reference Architecture. This architecture features segmentation for distinct resilience zones and immutable backup storage, ensuring data remains unaltered and secure.
Industry Perspectives on Zero Trust and Ransomware Protection
Danny Allan, CTO, Veeam, commented:
"The latest Veeam research indicates that 75% of ransomware attacks on backups succeed. Implementing Zero Trust Data Resilience is vital for businesses to maintain continuity and reduce downtime risks."
Jason Garbis, founder, Numberline Security, added:
"Backup infrastructure inherently possesses a large attack surface due to its read and write access requirements across various enterprise applications and data sources. By adopting Zero Trust Data Resilience tools and principles, we aim to mitigate these risks and provide organizations with enhanced cyber resilience."
Christophe Bertrand, Practice Director at ESG, added:
"Our research shows that 86% consider Zero Trust a key strategy in ransomware defense. The Zero Trust Data Resilience model is essential for a robust security posture, enabling quicker and safer recovery from cyber threats."
