Zero-trust is becoming a requirement to keep businesses and systems safe from evolving threats.
As cyberattacks become more sophisticated and IT systems ever more complex, zero-trust architecture is becoming a hot topic in cybersecurity (opens in new tab). But zero-trust is not a new idea, it’s a continuation of a principle that’s been around for years. Let’s explore the history and challenges of zero-trust, the critical role of secure backups (opens in new tab), and why such projects are never really over.
If you pay attention to industry news you will see a lot of discussion around zero-trust in recent months. Cyberattacks, particularly ransomware (opens in new tab), are becoming increasingly nuanced and their frequency has risen sharply over the last year. Digital infrastructure is also growing more complex – meaning more access points and integrations across IT and OT networks (opens in new tab), public clouds, and between a myriad of different parties.
Both of these factors mean more and more organizations are looking to implement a zero-trust architecture. In simple terms – a system that is secured from top-to-bottom rather than just the outside and one that never trusts and always verifies internal access requests.
In truth, zero-trust is not a new idea. I’ve worked in the data protection (opens in new tab) space for over twenty years, and even in those early days, the practice of building systems or components to be ‘mutually suspicious’ of each other was commonplace. Zero-trust is a continuation of this same idea but like many things in the digital space, scale and complexity have reached new levels.
The other thing about zero-trust which people often misunderstand is that it’s not a product that you can purchase and just plug into your existing architecture. Zero-trust is a culture, it’s a complete change of mindset, for both the organization and the system itself, and it’s supported by a litany of intertwined products. This focus on mindset is crucial. You can’t just implement it and forget about it. You need to be constantly re-evaluating and applying it to everything you do.
Backup and recovery are an overlooked necessity for zero-trust. The two core principles of a zero-trust architecture are to always verify, and always assume a breach, meaning security (opens in new tab) on the inside of the system has to be as robust as that on the outside.
