
Demystifying Zero Trust with Veeam: Design your Architecture

Veeam Zero Trust Data Resilience

The Zero Trust paradigm, stemming from the “Assume Breach” approach, is an architectural design paradigm rooted in the core principle of least privilege for all entities across the entire infrastructure. In this article, we will be “Demystifying Zero Trust with Veeam: Design your Architecture”. Please see Install PostgreSQL on Windows server as Veeam Database Engine, Relating Due Diligence and Due Care to Veeam Backup and Replication, and how to upgrade Veeam Backup and Replication v11 to 12.1.

Regardless of where a request originates or what resource it accesses, Zero Trust teaches us to “never trust, always verify.” Every access request is fully authenticated, authorized, and encrypted before access is granted. Microsegmentation and least-privilege access principles are applied to minimize lateral movement.

For those familiar with the Zero Trust concept and actively engaged in its implementation, which is a long-term strategic approach, it becomes apparent that there is a gap within the CISA Zero Trust Maturity Model. As we progress, we will delve deeper into this gap and discuss strategies for improvement.

To address this critical security gap, Veeam introduced a concept known as “Zero Trust Data Resilience”, since businesses worldwide constantly face security challenges ranging from ransomware attacks to data exfiltration.

As a data owner and/or IT administrator, you are probably aware that ransomware and malicious actors target our IT environments with the primary aim of compromising the backup infrastructure, rendering data recovery impossible. In the event of a disaster, our last line of defence is our backups, and thus it is imperative to actively and adequately protect them.

Why is this concept (ZTDR) of interest today?

This concept holds significant importance today, given the integral role that data backup and recovery play for IT administrators and the security team. The reason is the heightened sophistication exhibited by attackers, some of whom are state-sponsored. In light of this, the conventional or routine methods of data backup and recovery are no longer adequate.

Therefore, an enhanced and effective backup approach must be founded on Zero Trust principles. This approach delivers a clear and definite strategy for bolstered defence and swift data recovery in the event of a disaster.

What is Zero Trust?

Zero Trust approaches enhance preventive protection for application access, significantly minimizing the potential damage caused by cyber-attacks. This comprehensive methodology integrates established security measures and best practices into a holistic framework. Centered around a data-centric model, the efficacy of these measures primarily targets the protective goals of integrity and confidentiality, albeit without directly addressing availability.

Without a clear definition of the concept “Zero Trust”, you might still be wondering about the gaps Veeam discovered and how Zero Trust Data Resilience would address them.

Implementing Zero Trust principles holistically and effectively is not a one-time investment as mentioned above. Rather, it is a long-term project requiring sustained financial and personnel resources. In the case of cross-organizational networking, organizations must mutually agree on Zero-Trust concepts in a binding manner, with the interoperability of product functionalities being paramount for successful implementation. However, this remains a significant challenge today, largely due to the lack of standardization.

Defining this concept will enable us to understand the gap identified and filled by Veeam with regard to data protection (ZTDR).

The Zero Trust Principles

Discussing the below principles will enhance your understanding and ability to articulate any existing gaps.

Verify explicitly: Always authenticate and authorize based on all available data points. This includes user identity, location, device health, service or workload, data classification, and monitoring for anomalies.

Use least-privileged access: Limit user access with just-in-time and just-enough-access, risk-based adaptive policies, and data protection to help secure data and maintain productivity.

Assume breach: Prevent attackers from obtaining access to minimize potential damage to data and systems. Protect privileged roles, verify end-to-end encryption, use analytics to get visibility, and drive threat detection to improve defences.

Important! To secure digital transformation, organizations must embrace Zero Trust. Digital transformation necessitates a re-evaluation of traditional security models. The outdated approach to security lacks the agility, user experiences, and protections required for a swiftly evolving digital landscape. Many organizations are adopting Zero Trust to address these challenges.

Zero Trust Maturity Model

The Zero Trust Maturity Model serves as a roadmap to assist businesses in developing Zero Trust strategies and implementation plans. Grounded in the principles of Zero Trust, the model aims to minimize uncertainty by enforcing accurate, least-privilege per-request access decisions in information systems and services, even within a network perceived as compromised.

Kindly take a look at the CISA Zero Trust Maturity Model below. This diagram depicts the five core pillars of Zero Trust, namely “identity, devices, networks, applications, and data”, with three additional cross-cutting capabilities focusing on “Visibility and Analytics, Automation and Orchestration, and Governance”.

Zero Trust Model by CISA
SRC: CISA

Five Pillars of the Zero Trust Maturity Model

CISA’s Zero Trust Maturity Model (ZTMM) consists of five main pillars: Identity, Devices, Networks, Applications and Workloads, and Data.

  • Identity: This pillar focuses on authenticating and authorizing users and devices before granting access to resources. It involves creating a unified identity and access management (IAM) system and implementing multi-factor authentication (MFA) for all users.
  • Devices: This pillar focuses on securing all IoT devices that connect to an organization’s network. It involves creating a comprehensive inventory of all devices and implementing endpoint detection and response (EDR) solutions.
  • Networks: This pillar focuses on securing all network traffic, regardless of the user’s location or the resource. It involves implementing network segmentation and micro-segmentation to limit resource access, and it emphasizes the use of secure communication protocols such as Transport Layer Security (TLS).
  • Applications and Workloads: This pillar concentrates on securing all applications and workloads, whether they reside on-premises or in the cloud. It entails implementing application-level access controls and employing secure coding practices to prevent vulnerabilities.
  • Data: This pillar focuses on securing all data, whether it is at rest or in transit. It involves implementing encryption and access controls to prevent unauthorized access to sensitive data.

Essential Capabilities for Effective Zero Trust

The CISA Zero Trust framework emphasizes three cross-cutting capabilities that enterprises can leverage on their journey to adopting the framework. They are Visibility and Analytics, Automation and Orchestration, and Governance. These capabilities actively support the interoperability of functions across the pillars.

  • Visibility and Analytics: By focusing on data analysis, enterprises can enhance their ability to inform policy decisions, respond to actions more effectively, and construct risk profiles. Security teams can then proactively take measures before incidents occur.
  • Automation and Orchestration: In a Zero-Trust model, automated tools and workflows support security response functions while maintaining oversight, security, and interaction of the development process for such functions, products, and services.
  • Governance: Senior leadership in an enterprise actively manages and mitigates security risks in support of Zero-Trust principles. They do so by defining and enforcing cybersecurity policies, procedures, and processes from the top down.

A Focus on the ZT Pillars by CISA

Within the Data pillar, the CISA model identifies five detailed functions, with expected capabilities and attributes for each maturity level. The functions are:

  • Data Inventory Management
  • Data Categorization
  • Data Availability
  • Data Access
  • Data Encryption

As you can see above, data backup and recovery do not receive enough coverage, and this is the gap identified by Veeam. No wonder they are the industry leader in backup, recovery, and data management solutions! Their ability to pinpoint business needs sets them apart, contributing to their standout position in the industry.

What are the Zero Trust Data Resilience Requirements?

Zero Trust Data Resilience consists of a set of requirements and an architecture that extends the existing Zero Trust Maturity Model. It entails that businesses must use immutable data storage while enforcing strictly authenticated access to both the production and the backup environment.

Also, the Zero Trust approach should support hybrid architectures (on-premises to cloud object storage) and must be capable of handling recovery in dissimilar environments. Please see “Immutable primary backup storage with a hardware-agnostic touch“ and “Backup to Object Storage“.

Adhering to the mentioned requirements will enhance the protection of your data, applications, and network against disgruntled individuals and attackers.

Zero Trust Data Resilience Approach

For those who have undergone CISSP training, you’ll recall the initial domain, Domain 1, focusing on “Business Continuity and Disaster Recovery Strategy.” This pivotal domain delves into the design and protection of businesses in unforeseen circumstances.

Fundamentally, the Information Security cornerstone, often known as the CIA Triad encompassing Confidentiality, Integrity, and Availability, is highly relevant to data backup and recovery. As articulated earlier, aiming to prevent data exfiltration aligns with ensuring confidentiality, guarding against ransomware attacks aligns with maintaining integrity, and assuring the availability of IT systems, recoverable in case of a disaster, resonates with the principle of availability.

Therefore, in my opinion, it makes sense to tie the CIA triad to the core Zero Trust principles.

Zero Trust principles include the elimination of implicit trust and of unsegmented networks (Veeam addresses this by recommending that the VBR server be placed in a non-domain environment or in a management network), and the application of contextual policies via Policy Enforcement Points (PEPs). These principles also cover strong authentication for all subjects, assuming breach, and ensuring and validating data integrity.

The Zero Trust Data Resilience principles include a reference architecture and a new set of capabilities for the Zero Trust Maturity Model. These are enhancements to the existing Zero Trust framework, which in turn improve the security posture.

Demystifying Zero Trust with Veeam: ZTDR Principles

As mentioned in the section above, these are enhancements to the existing framework. The core principles of Zero Trust Data Resilience (ZTDR) are:

  • Least Privilege Access
  • Immutability
  • System Resilience
  • Proactive Validation
  • Operational Simplicity

Least Privilege

Least privilege is applicable in many areas of the network. In respect to ZTDR, the backup management system itself must be isolated on the network, as mentioned above. In this way, unauthorized users or devices will not be able to access it.

This also applies to the storage system. With this approach, these devices will not be discoverable via any reconnaissance approach, and as such a vulnerability (even a zero-day) cannot be exploited from outside the segment. Therefore, appropriate segmentation is a necessity for this principle.

Here is a guide on the differences between Lite-Touch and Zero-Touch installation. See also how to fix “There was an error opening the Trusted Platform Module snap-in: You do not have permission to open the Trusted Platform Module Console”.

Immutability

Amid the rampant spread of ransomware, the concept and adoption of immutability have gained widespread acceptance.

An immutable backup is characterized by using a storage mechanism that, once written, cannot be altered.

The premise is that, even if a malicious actor were present on the network, able to take control of the backup system, and had access to the backup storage, they would be unable to delete or modify (encrypt) the backed-up data.

Some immutability comes from physical properties of storage media, such as Write-Once-Read-Many optical disks, while newer technologies use media with immutability enforced at the hardware, firmware, or software layer. If you need a hardware solution for this, Object First has you covered with out-of-the-box immutability.

Here is how to set up Veeam Backup for Microsoft Azure, and how to fix “The security database on the server does not have a computer account for this workstation trust relation [Part 1]“.

System Resilience

Veeam believes that this should apply to the IT ecosystem at large, which comprises the tools, technologies, and processes related to data protection (backup and recovery).

The backup infrastructure should exhibit resilience to both failures and attacks. An illustrative example is the NTP server; when it becomes unavailable, there is a risk of malicious manipulation of data backups. Establishing a distributed and heterogeneous backup data storage system, spanning across different geographies, serves as a proactive measure to mitigate such risks.
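To make the immutability and NTP points above concrete, here is an added example (not Veeam's or Object First's code; a toy model written for this article) of a write-once repository with retention locks. It shows that overwrites are refused outright, and that the retention lock only holds when expiry is judged against a clock the attacker cannot move; the host clock, object name, payload and dates are all constructed.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


class ImmutabilityError(Exception):
    """Raised when an overwrite or delete would violate the retention lock."""


@dataclass
class LockedObject:
    data: bytes
    sha256: str
    retain_until: datetime


class ImmutableRepository:
    """Toy write-once repository; expiry is judged against the clock it is given."""

    def __init__(self, clock):
        self._objects = {}
        self._clock = clock  # callable returning a timezone-aware datetime

    def write(self, key, data, retention):
        if key in self._objects:  # write-once: no overwrite, so no re-encryption in place
            raise ImmutabilityError(f"{key}: object already exists")
        digest = hashlib.sha256(data).hexdigest()
        self._objects[key] = LockedObject(data, digest, self._clock() + retention)
        return digest

    def delete(self, key):
        obj = self._objects[key]
        if self._clock() < obj.retain_until:
            raise ImmutabilityError(f"{key}: locked until {obj.retain_until:%Y-%m-%d}")
        del self._objects[key]

    def exists(self, key):
        return key in self._objects


def simulate(attacker_controls_clock):
    """Attacker holds the backup server; report which operations the lock blocked.

    If the repository trusts the host clock and the attacker rolls it forward
    (NTP unavailable or spoofed), the 30-day lock appears expired and the delete
    succeeds. With a clock the attacker cannot move, the lock holds.
    """
    host_time = {"now": datetime(2024, 1, 1, tzinfo=timezone.utc)}  # constructed
    repo = ImmutableRepository(lambda: host_time["now"])
    repo.write("vm01-full.vbk", b"constructed backup payload", timedelta(days=30))
    outcome = {"overwrite_blocked": False, "delete_blocked": False}
    try:
        repo.write("vm01-full.vbk", b"ENCRYPTED", timedelta(days=30))
    except ImmutabilityError:
        outcome["overwrite_blocked"] = True
    if attacker_controls_clock:
        host_time["now"] += timedelta(days=31)  # clock rolled past retain_until
    try:
        repo.delete("vm01-full.vbk")
    except ImmutabilityError:
        outcome["delete_blocked"] = True
    outcome["intact"] = repo.exists("vm01-full.vbk")
    return outcome
```

The practical takeaway is that a storage-side lock is only as strong as the time source the storage trusts, which is why a compromised or unreachable NTP server is part of the threat model.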

This can be further enhanced by segregating the backup data from the backup management system, as mentioned above. This is because, when the management network is compromised, the backup data will still be intact.

Therefore, a backup management system that can be spun up easily via the backup configuration file is paramount in this case.

Also, the backup system must support recovery into a different environment in case the production environment is flooded or partially declared uninhabitable.

Note: The backup system itself, despite being immutable, should also be hardened to reduce its vulnerabilities and limit potential attack surfaces. This can be a user-configurable system or a pre-hardened appliance.

There are different Zero Trust products on the market today, but I will show you how you can harden your system using AppLocker. Here is an article I have created on how to prevent local administrators from managing BitLocker with the manage-bde command.

Proactive Validation

To ensure the reliability and efficiency of the backup system, it should be effectively monitored for performance and security issues. This involves validating all aspects and processes. With Veeam ONE, you are covered, as it delivers proactive management with real-time visibility to ensure confidence in your ability to monitor and maintain your best line of defence.

Another aspect that must be considered within the core principles of Zero Trust Data Resilience (ZTDR) is the task of performing recovery verification, that is, checking the reliability and efficacy of the recovery process. An example of this technology is SureBackup. SureBackup allows you to test machine backups and check whether you can recover data from them.

To ensure the recovery of critical business data during unpredictable and potentially stressful situations, it is crucial to establish and regularly exercise a well-documented backup recovery process. This responsibility should not be confined to a single individual, considering the potential unavailability of personnel due to vacations or sickness. Regularly performing and refining the backup recovery process proactively prepares the team for efficient and effective data restoration, reducing the impact of unforeseen events.

Lastly, there is the ability of the backup system to detect malware infections and to categorize backups as clean or infected. Interestingly, Veeam Backup & Replication allows you to manage the malware status of machines and specific restore points. Data validation must be done correctly to adhere to data privacy and data residency requirements.
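As an added illustration of the two validation steps above (recovery verification and per-restore-point malware status), here is a small selector written for this article; it is not Veeam's or SureBackup's code. It models a backup chain as a full plus incrementals, checks each point's recorded checksum, and picks the latest restore point that is both intact and not flagged, since an incremental cannot be restored without every point before it. File names, payloads, checksums and the status labels are constructed.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class RestorePoint:
    name: str
    payload: bytes          # constructed stand-in for the backup file contents
    recorded_sha256: str    # checksum recorded when the backup was written
    malware_status: str     # constructed labels: "clean", "suspicious", "infected"


def make_point(name, payload, malware_status="clean", tamper=False):
    """Build a constructed restore point; tamper=True models on-disk corruption."""
    digest = hashlib.sha256(payload).hexdigest()
    stored = payload + b"\x00" if tamper else payload
    return RestorePoint(name, stored, digest, malware_status)


def integrity_ok(point):
    return hashlib.sha256(point.payload).hexdigest() == point.recorded_sha256


def select_restore_point(chain, allow_suspicious=False):
    """Return the latest restorable point in [full, inc1, inc2, ...] and why later ones are not.

    Restoring point N needs every point 0..N, so a corrupt point breaks the chain
    from there on, and an infected point must not be restored, nor anything built
    on top of it.
    """
    allowed = {"clean", "suspicious"} if allow_suspicious else {"clean"}
    result = {"restore_from": None, "blocked_at": None, "reason": None}
    for point in chain:
        if not integrity_ok(point):
            result.update(blocked_at=point.name, reason="checksum mismatch")
            break
        if point.malware_status not in allowed:
            result.update(blocked_at=point.name, reason=f"malware status {point.malware_status}")
            break
        result["restore_from"] = point.name
    return result


def build_demo_chain(inc3_status="infected"):
    """Constructed chain: a full, then daily incrementals with mixed states."""
    return [
        make_point("vm01-2024-01-01.vbk", b"full backup"),
        make_point("vm01-2024-01-02.vib", b"incremental 1"),
        make_point("vm01-2024-01-03.vib", b"incremental 2", malware_status="suspicious"),
        make_point("vm01-2024-01-04.vib", b"incremental 3", malware_status=inc3_status),
        make_point("vm01-2024-01-05.vib", b"incremental 4", tamper=True),
    ]
```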

Operational Simplicity

Last but not least, these core principles emphasize creating a system that is easy to administer while still delivering the capability, scalability, and sophistication needed to meet your business needs. Introducing a system that is overly complicated to administer is not a solution your business requires.

Note: The KISS Principle “Most systems work best if they are kept simple rather than made complicated; therefore, simplicity should be a key goal in design, and unnecessary complexity should be avoided”.

I recently evaluated a product that I could deploy, but to me it was overly complex, and a lot of native applications were capable of doing the same. There was no need for such a tool.

You would agree with me that Veeam Data Platform fulfils these requirements above and beyond!

Zero Trust Data Resilience: Extended Maturity Model

With the above theories and best practices in mind, careful planning is required to successfully implement Zero Trust Data Resilience! Just as there are different business goals, so too there are different data backup architectures. The golden backup rule was not left out either!

ZTDR requires careful planning and incremental adoption. Like most frameworks, similar to the Microsoft architecture, it is an actionable best-practices framework to help guide you through this journey, where each phase includes guidance, best practices, resources, and tools to help you drive your own implementation. The new functions that build on the underlying CISA Zero Trust Maturity Model are:

  • Access to Enterprise Data and Systems
  • Access to Backup Storage and Data
  • System Resilience
  • System Monitoring and Validation

Zero Trust is a multifaceted journey that can span many years. Clearly defining the goals, outcomes, and architectures makes organizations more successful than taking a reactive approach. I would recommend taking a look at the ZTDR white paper for more information, including the Veeam reference architecture and implementation plan.

The good news is that you can achieve the radical resilience that only comes from having complete confidence in your cyberthreat protection, response, and recovery with Veeam’s solutions. The new Veeam Data Platform release, with its security focus, will help you achieve everything discussed in this piece.

In addition, this release [23H2] continues to provide more of the tools you need to take a stand against cyberattacks. All these new tools are based on the foundation that began with Veeam Backup & Replication but continue to expand in both the depth and breadth of data protection.

I hope you found this article useful on “Demystifying Zero Trust with Veeam: Design your Architecture”. Please feel free to leave a comment below.
