The Zero Trust Data Resilience Architecture

Welcome back to our blog series on the new Zero Trust Data Resilience concept, which we introduced in part 1. 

In today’s posting, we’ll be examining the Zero Trust Data Resilience architecture from the research whitepaper. If you haven’t read the research, it’s available here. In the document, we introduce the following reference architecture for Zero Trust Data Resilience.

This architecture is focused on the data backup and recovery systems, and illustrates our recommended best practices. First, notice the deployment of Policy Enforcement Points (PEPs), enabling policy-based segmentation of the network. Specifically, the architecture shows that the Zero Trust policy model is enforced for access to the production systems and sources of data, as well as to the backup storage. The policies for this access ensure that only the authenticated backup management system is permitted to access these resources. This segmentation ensures that even if the backup management system were compromised, the stored data remains safe. Also, note that the backup data is stored in multiple locations for resilience. And, the Zero Trust system uses the enterprise’s identity system for authentication, ensuring a consistent set of identities, and identity governance processes.

Next, we continue the conversation with data backup and recovery expert Tom Sightler, who is Vice President, Product Management, Enterprise Solutions at Veeam Software. Veeam is a data backup and recovery company, whose solutions help customers achieve Zero Trust Data Resilience.

Jason: Let’s talk about this architecture, Tom. Because we present this at a conceptual level, it’ll be useful for both security and data backup & storage practitioners.

Tom; Yes – this architecture is approachable and helpful for both of these audiences. As we mentioned previously, many storage and backup teams have been historically isolated from security. With our current threat landscape, however, we’re seeing security, backup, and storage teams all recognize the need to work more closely together, and be aligned. This architecture helps clarify things for both teams.

Jason:  In fact, we are optimistic that this architecture and whitepaper will provide both teams with a common vocabulary and roadmap. One additional thing we wanted to emphasize is the need for a solution that provides customers with the maximum degree of choice, about where and how to deploy their backups. This gives them the ability to best align their architecture with their needs.

Tom: Ultimately, a data backup and recovery solution needs to reliably deliver recoverability of data, while giving enterprises freedom to choose where and how their data is backed up.

Jason: Are you seeing this need highlighted differently across enterprises of different sizes?

Tom: The mid-enterprise in particular is looking to obtain a highly capable data backup and recovery platform without adding to their operational workload. This is especially true given the tight job market for these roles.  Interestingly, we’re also seeing this among larger enterprises. Finding a flexible and capable platform that they can confidently deploy and rely on for recovery under stress is of paramount importance. Automation and configurability are important aspects of their decision-making processes. 

Note: Conversation to be continued in upcoming blog post 3.

The new research is available here.

Please join Tom and me on an upcoming LinkedIn Live session on Tuesday, December 5, at 12.00pm ET.

And, if you’re interested in applying this Data Backup and Recovery resilience model to your enterprise, sign up for a free 30-minute workshop here.

Added:
The 1st post in this blog series is here.
The 3rd post in this blog series is here.