Zero Trust Data Resilience

Updates: We’ve revised the full research whitepaper – version 1.1 is available here.
About version 1.1: Based on reader feedback, this revision includes a reorganization of the ZTDR principles into three core principles, and two platform requirements. The content of these sections
is essentially unchanged. This revision also includes minor clarifications and rewording in a few areas.

New Content: We’re pleased to release the new, easy-to-read Extending Zero Trust
to Data Backup and Recovery Guide. Published in conjunction with Veeam, this guide provides data backup and recovery professionals with an easily consumable introduction to ZTDR.

Zero Trust is a security strategy, and by necessity is broad in scope. In fact, we believe that this strategy is the lens through which you should view your entire IT infrastructure and business. The widely accepted Zero Trust Maturity Model, from the US Cybersecurity and Infrastructure Security Agency (CISA), defines its scope broadly – across the now-familiar pillars of Identity, Devices, Networks, Applications & Workloads, and Data, supported by the cross-cutting capabilities of Visibility and Analytics, Automation and Orchestration, and Governance. 

However, even given this breadth, there are areas which need more attention, and we’re pleased to introduce the new concept of Zero Trust Data Resilience  which resulted from our work applying Zero Trust principles to Data Backup and Recovery.

For this research, we dove into the security and architectural requirements for data backup and recovery systems, and defined the ways in which Zero Trust principles should apply.

Take a look at our three blog post posts here, for full commentary:

Supporting Resources: