{"id":69388,"date":"2023-02-02T09:57:35","date_gmt":"2023-02-02T14:57:35","guid":{"rendered":"https:\/\/www.commvault.com\/?p=69388"},"modified":"2024-01-02T09:49:36","modified_gmt":"2024-01-02T14:49:36","slug":"data-security-through-zero-trust","status":"publish","type":"post","link":"https:\/\/www.commvault.com\/blogs\/data-security-through-zero-trust","title":{"rendered":"Data Security through Zero Trust and a Ransomware Strategy"},"content":{"rendered":"\n

Zero trust architecture is central to an organization\u2019s security posture to mitigate cyberattacks, and the Defense Department recently released its Zero Trust Strategy and Roadmap1<\/sup> on its plan to get the DOD to a Zero Trust architecture by 2027.2<\/sup><\/p>\n\n\n\n

A zero trust architecture provides the foundations for micro-segmentation of the IT landscape, access limited with the Least Privilege principle, and all communication to and between the micro-segments being authenticated, audited, and verified3<\/sup>. The underlying philosophy for zero trust is never assume trust, but continuously validate trust, so bad actors don\u2019t get in. Companies, organizations and government agencies need to make sure that even users inside a network can\u2019t do serious damage.<\/p>\n\n\n\n

Flag Unusual Behavior<\/strong><\/strong><\/p>\n\n\n\n

Zero trust principles ensure user access is continuously validated and monitored for Authentication and Authorization while constantly Auditing. Commvault leverages security controls such as multi-factor authentication for everyday administrative tasks, privacy locks, and data encryption. User access can be compartmentalized, explicitly denying CommCell level access, while applying roles to micro-segmented groups of resources through multi-tenant configurations. Zero trust controls help limit internal lateral movement to prevent data loss and unauthorized access to data.<\/p>\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n
<\/div>\n\n\n\n

Apply Zero Trust Controls<\/strong><\/p>\n\n\n\n

\n
\n
\"\"<\/figure><\/div><\/div>\n\n\n\n
\n

Commvault makes it simple to apply zero trust AAA controls by using the Security Health Assessment Dashboard<\/a>. The dashboard provides a single pane of glass for identifying controls, highlighting potential risks within the backup environment, and recommending interactive actions to apply controls.<\/p>\n<\/div>\n<\/div>\n\n\n\n

<\/div>\n\n\n\n

Add Layers of Security <\/strong><\/strong><\/p>\n\n\n\n

To help strengthen the resilience of your data infrastructure, the NIST Cybersecurity Framework<\/a> focuses on five primary pillars for a successful and holistic cybersecurity program. Attention to these pillars can help your organization in developing a comprehensive risk management strategy. Commvault has built these security pillars into our data protection software and policies without the incremental management overhead. The Commvault data protection and management platform include five security layers:<\/p>\n\n\n\n

\n
\n
\"\"<\/figure><\/div>\n\n\n

Identify<\/p>\n<\/div>\n\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

Protect<\/p>\n<\/div>\n\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

Monitor<\/p>\n<\/div>\n\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

Respond<\/p>\n<\/div>\n\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

Recover<\/p>\n<\/div>\n<\/div>\n\n\n\n

<\/div>\n\n\n\n

Our multi-layered security consists of feature sets, guidelines, and best practices to manage cybersecurity risk and ensure data is readily available. We help protect and isolate your data, provide proactive monitoring and alerts, and enable fast restores. Advanced technologies powered by artificial intelligence and machine learning, including honeypots, make it possible to detect and provide alerts on potential attacks as they happen so you can respond quickly. By keeping your backups out of danger and making it possible to restore them within your Service Level Agreements, you can minimize the impact of a ransomware attack so you can get back to business right away (and avoid paying expensive ransoms).<\/p>\n\n\n\n

<\/div>\n\n\n\n

Immutability<\/strong><\/p>\n\n\n\n

Protecting and isolating your backup copies is critical for data integrity and security. Therefore, we have taken an agnostic approach to immutability. With Commvault, you do not need special hardware or cloud storage accounts to lock backup data against ransomware threats. If you happen to have Write-Once, Read Many (WORM)-, object lock- or snapshot-supported hardware (which Commvault fully supports), you can still use Commvault\u2019s built-in locking capabilities to complement and layer on top of existing security controls. Commvault\u2019s ability to support layered defenses for securing data sets against ransomware ensures that your organization benefits from a sound cyber recovery-ready architecture. Here are some elements to include in your immutability architecture:<\/p>\n\n\n\n