Time is always of the essence for system administration and IT operations teams. They address the countless issues coming in from other departments: “My network is acting funky, and I’m about to go into a meeting with an important client,” “I accidentally deleted every important email I have received in the last four years,” “my laptop won’t turn on.” System administrators (sysadmins) must answer every call and fix every problem, from the hyper-critical to the utterly mundane. Then there are the external factors that make the job that much more demanding.
One contributing factor is the rapid adoption of generative artificial intelligence (AI). Last year this technology reached the market at large, and now most organizations are implementing it to drive business value, streamline operations, reduce repetitive tasks, and so on. Though there are many use cases for AI, 51% of organizations continue to view cybersecurity as a pressing issue, according to a recent survey by McKinsey & Company. While AI has made many jobs easier, it has also introduced a bevy of new issues that sysadmins specifically have to address.
AI has elevated phishing, deepfakes, and blackmail tactics that target employees, leaving sysadmins to deal with a slew of serious threats – threats that must be addressed quickly to prevent prolonged damage to a business’s data. These attack vectors are used to compromise employees and induce them to grant access to company secrets and privileged information. In the event of an attack, it is essential to have backups both on- and off-site to store and protect critical systems and sensitive data. Though backups can’t prevent data exfiltration, they enable organizations to restore lost files, minimize downtime, save on expenses, and enhance data security.
With the majority of attacks (96%) now targeting backup repositories first, those repositories are an increasingly exposed target. Sysadmins must be aware of upgraded data protection strategies that account for these critical components. Given the current attack landscape, there is one thing sysadmins must know: it’s time to up their zero trust game.
Zero trust is a security concept that assumes no user or device, inside or outside the network, is trusted, and requires verification of every access request to secured resources. It’s a great set of principles if they are followed. However, zero trust models typically fall short in the backup and recovery space.
Thus, there has been a push for system and backup administrators to research and understand zero trust data resilience (ZTDR), an extension of the original zero trust maturity model built explicitly for backup software and backup storage. If applied correctly, this zero trust framework can ensure that you will always have a safe copy to recover from and can avoid paying a ransom, no matter where the attack occurs or what it targets.
To adapt to the breadth of new threats, consider expedient education and adoption for all IT-oriented individuals if zero trust hasn’t been implemented across your apps, infrastructure, and data protection strategies. There are three main pillars of the ZTDR strategy:
- Segmentation: Separate backup software and backup storage to enforce least-privilege access and minimize the attack surface and blast radius.
- Multiple data resilience zones: Create security domains that comply with the 3-2-1 backup rule and ensure multi-layered security.
- Immutable backup storage: Protect backup data from modification and deletion, and deny root and operating-system access to the storage, defending against both external attackers and compromised administrators.
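As an added illustration, not from the original article or any vendor’s product, the following Python audit evaluates a constructed backup inventory against the three pillars above: the 3-2-1 rule (three copies, two media types, one off-site), a retention-locked immutable copy, and segmentation (the backup software holding no delete rights on a copy that is not locked). The `BackupCopy` fields, the inventories, and the 14-day minimum retention are assumptions chosen for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    """One copy of a backup set, as recorded in an (assumed) inventory."""
    name: str
    media: str                  # e.g. "disk", "object", "tape"
    offsite: bool               # held in a different site / resilience zone
    immutable: bool             # WORM or object-lock style retention in force
    retention_days: int         # 0 when no retention lock applies
    backup_sw_can_delete: bool  # backup software credential holds delete rights


def evaluate_ztdr(copies, min_retention_days=14):
    """Return a list of findings; an empty list means all three pillars hold."""
    findings = []
    # Pillar: multiple data resilience zones, expressed as the 3-2-1 rule.
    if len(copies) < 3:
        findings.append(f"3-2-1: only {len(copies)} copies (need 3)")
    if len({c.media for c in copies}) < 2:
        findings.append("3-2-1: all copies on one media type (need 2)")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no off-site copy")
    # Pillar: immutable backup storage with a retention lock long enough to matter.
    if not any(c.immutable and c.retention_days >= min_retention_days for c in copies):
        findings.append(f"immutability: no copy retention-locked for >= {min_retention_days} days")
    # Pillar: segmentation; backup software must not be able to delete an unlocked copy.
    for c in copies:
        if c.backup_sw_can_delete and not c.immutable:
            findings.append(f"segmentation: backup software can delete mutable copy '{c.name}'")
    return findings


# Constructed inventories: a typical weak layout and a ZTDR-aligned one.
WEAK_INVENTORY = [
    BackupCopy("nightly-disk", "disk", False, False, 0, True),
    BackupCopy("nightly-replica", "disk", False, False, 0, True),
]
HARDENED_INVENTORY = [
    BackupCopy("primary-repo", "disk", False, False, 0, False),
    BackupCopy("onsite-object-lock", "object", False, True, 30, False),
    BackupCopy("offsite-object-lock", "object", True, True, 30, False),
]

if __name__ == "__main__":
    for label, inv in (("weak", WEAK_INVENTORY), ("hardened", HARDENED_INVENTORY)):
        print(label, evaluate_ztdr(inv) or ["OK"])
```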
Sysadmins take on a substantial number of threats in their day-to-day operations. In a field filled with stress and reactivity, employing zero trust strategies for backups prevents data loss and protects data integrity, making a difference in what feels like a never-ending job. Developing a detailed backup strategy is paramount for business continuity and for minimizing data disruption. Let’s approach these increasingly complex threats with lots of scrutiny, little trust, and loaded security.