Traditional security models rely on perimeter-based security, like trusting users simply because they are connected to the corporate network inside the firewall. But the evolving threats that organizations are facing in 2024 are much more complex, sophisticated, and nuanced. The old model is no longer effective in this modern paradigm.
We all know that attacks are not 100% preventable, and Zero Trust operates under the assumption that you’ve already been breached. Instead of providing any implicit trust for access, you verify every access at every point—every time.
So, what are some industry-leading capabilities in NetApp’s approach to data-centric Zero Trust?
Data management is an area where Zero Trust is vastly important. Without it, a malicious external actor or insider can completely remove access to—or even destroy—valuable data. Multi-admin verification (MAV) ensures that certain operations, such as deleting volumes or NetApp® Snapshot™ copies, can be executed only after approvals from additional designated administrators. This prevents compromised, malicious, or inexperienced administrators from making undesirable changes or deleting data. In practical terms, no important or critical data gets deleted without an extra layer of approval.
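The approval gate described above can be modeled in a few lines. This is an added illustration, not NetApp code or the ONTAP interface; the operation names, administrator names, and the two-approval quorum are assumptions chosen for the example.

```python
from dataclasses import dataclass, field

# All values below are assumed for illustration, not taken from ONTAP.
PROTECTED_OPS = {"volume delete", "snapshot delete"}
DESIGNATED_APPROVERS = {"alice", "bob", "carol"}
REQUIRED_APPROVALS = 2


@dataclass
class Request:
    requester: str
    operation: str
    target: str
    approvals: set = field(default_factory=set)


def approve(req: Request, admin: str) -> None:
    """Record one approval from a designated administrator."""
    # The requester never counts toward the quorum, even when the requester
    # is also a designated approver: one compromised account is not enough.
    if admin == req.requester:
        raise PermissionError("requester cannot approve their own request")
    if admin not in DESIGNATED_APPROVERS:
        raise PermissionError(f"{admin} is not a designated approver")
    # A set means a repeated approval from the same admin counts once.
    req.approvals.add(admin)


def may_execute(req: Request) -> bool:
    """Protected operations run only once the approval quorum is met."""
    if req.operation not in PROTECTED_OPS:
        return True
    return len(req.approvals) >= REQUIRED_APPROVALS


if __name__ == "__main__":
    # Constructed scenario: an approver's own account requests a deletion.
    req = Request("alice", "volume delete", "vol_finance")
    print("before approvals:", may_execute(req))
    try:
        approve(req, "alice")
    except PermissionError as exc:
        print("blocked:", exc)
    approve(req, "bob")
    approve(req, "carol")
    print("after two independent approvals:", may_execute(req))
```

The property to look for in any such gate is that the quorum counts distinct administrators other than the requester, so that control of a single account cannot complete a destructive operation.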
Another area of data management is automation. For businesses that use automation for autoprovisioning and deployment, token-based authentication offers a simple, secure way to control access in a fast-paced environment. Access tokens provide a method of authenticating to the REST API or Ansible modules without exposing usernames and passwords. A token is associated with a specific user (including LDAP users) or service account, carries limited-privilege access, and has an expiration time so that an attacker who steals the token cannot use it later.
Zero Trust concepts shouldn’t just be applied to data management—they should also be applied to data access. Basic file permissions, although supported in NetApp ONTAP® software, are no longer enough to secure data access. For even more granular security, attribute-based access control (ABAC) can keep data properly classified and protected at every level. ABAC policies can restrict file access to a specific individual or group, even if the site or folder would otherwise be accessible to a wider audience under traditional file-based permissions alone.
With NetApp’s Zero Trust approach, you’ll have full visibility over who is accessing your data and how it’s being managed. Whether it’s through real-time auditing or seamless integration with your SIEM (security information and event management) monitored by your security operations center, you’ll always be in control.
To learn more about building a Zero Trust architecture, check out our white paper. And to dive deeper into our video series and learn how to architect true cyber resilience, binge the rest of our series playlist.
Matt is a Security Evangelist at NetApp with a focus on ransomware prevention, cyber resiliency, and data-centric portfolio security. With 25 years of IT experience, he specializes in Zero Trust, Data Governance, Encryption, Security Tools, and Best Practices. Matt has held various roles at NetApp, including Product Manager and Technical Marketing Engineer for ONTAP Security. He also has extensive expertise in networking, SMB/CIFS, and Microsoft technologies. Matt's passion lies in driving the latest security features and capabilities to ensure customer success.