Brought to you by:
Enterprise Strategy Group | Getting to the Bigger Truth™
ESG SHOWCASE
The Need For Zero Trust Data Security
By Scott Sinclair, Senior Analyst; and Monya Keane, Senior Research Analyst
AUGUST 2021
Abstract
Cyber-attacks represent an incredibly destructive and ever-present risk to modern businesses. Data is often the most valuable asset of these businesses, and their legacy storage environments can be plagued by security weaknesses. RackTop Systems, a data security company founded by former NSA engineers, is rethinking how to better secure data storage with its zero trust data security model that offers an added layer of defense to the business’s vital data.
Overview
Data has become a crucial asset to modern, digital businesses. But as the value of data increases, the risks stemming from cybersecurity threats increase as well.
Nearly half of the storage decision makers surveyed by ESG (49%) agreed that data essentially is their business.1 It is unsurprising, then, that nearly half of surveyed IT organizations (47%) also say that strengthening cybersecurity is one of the IT initiatives expected to drive most of their technology spending in 2021.2
An increased number of infiltrations, data thefts, and ransomware attacks have headlined the news recently—notably SolarWinds, Colonial Pipeline, and JBS. These attacks have placed considerable cost and distress not only on the businesses themselves, but also on many consumers who rely on the services such companies provide.
Organizations must make developing and implementing stronger cybersecurity practices top priorities right now. This includes putting tools into place to quickly identify, remediate, and recover from attacks that do get through. However, those activities alone might not be enough. Given the size and scale of modern IT and business operations, securing the entire data ecosystem is becoming even more complicated because:
• Data and application growth has resulted in “data center sprawl” that extends beyond the classic data center to hybrid and multi-cloud environments.
• The pandemic led to a massive uptick in the number of remote workers, a situation that looks as if it will continue for some time. Remote workforces can introduce more risk if the workers are irresponsible about addressing the cybersecurity risks tied to their own home networks and internet-connected devices.
Considering the current state of affairs, a need exists for an extra, more active layer of defense against unauthorized data access. Fortunately, RackTop Systems is quite aware of the urgency of this need. RackTop is a true innovator in this space, offering technology built by former U.S. National Security Agency (NSA) engineers.
The Increasingly Diverse and Complex Data Security Landscape
Three quarters (75%) of surveyed IT decision makers believe IT is more complex than it was just two years ago—that percentage is 11 points higher than last year. Specifically, the ESG survey revealed the top drivers of IT complexity center on increases in remote workers (49%), new data security and privacy regulations (38%), higher data volumes (38%), and the ever-evolving cybersecurity landscape (35%).3
For finance organizations, the impact is even higher: 41% of finance organizations identified that drivers of IT complexity at their organizations are tied to the increasing or changing cybersecurity landscape, and 42% identified new data security and privacy regulations.4
As IT environments grow and become more dispersed, securing those environments becomes more complex. These requirements are often a top concern for government organizations, especially in the federal space, where insider threats are constant, ever-present concerns. ESG research indicates that the shift to remote work is likely to remain, which will make security even more difficult in the coming months or years when it comes to securing file shares and similar collaboration platforms. Forty-four percent of survey respondents want to keep as many employees working remotely as long as possible, and 72% say their organizations are now more “pro-work-from-home.”5 But the challenges related to supporting so many remote workers include:
41% of finance organizations identified the increasing or changing cybersecurity landscape and 42% identified new data security and privacy regulations as drivers of IT complexity at their organizations.
• Securing collaboration platforms, reported by 42% in North America and 35% in Western Europe.
• Overcoming increases in cybersecurity vulnerabilities resulting from increased remote work, reported by 41% in North America and 44% in Western Europe.6
Ransomware
Certain industries appear to be particularly affected by ransomware lately. Seventy-six percent of healthcare organizations have experienced a ransomware attack, with 41% experiencing such attacks on a weekly or daily basis. Similarly, 49% of the financial industry (including Insurance) has experienced a ransomware attack, with 24% seeing them on a weekly or daily basis.7 Overall, as Figure 1 shows, 70% of businesses report experiencing at least one attempted ransomware attack within the last year.8
Figure 1. Frequency of Ransomware Attacks
To the best of your knowledge, has your organization experienced an attempted ransomware attack within the last 12 months? (Percent of respondents, N=303)
Source: Enterprise Strategy Group
RackTop Systems—Zero Trust Data Security for Modern File Environments
RackTop Systems is an innovative storage vendor founded by NSA engineers who are committed to designing their offerings from the ground up with cybersecurity in mind. The company is enjoying recognition for these efforts, receiving awards such as the 2021 Fortress Cybersecurity Award, the 2021 Infosec Award from Cyber Defense Magazine, and 2020 Cyber Security Excellence Awards.
RackTop’s approach centers on applying zero trust principles to data storage via their BrickStor Security Platform (BrickStor SP) product. Specifically:
• BrickStor SP actively evaluates trust for each file operation in real time based on client IP, user account, file activity and other behavioral identifiers to provide security and visibility necessary to defend against modern attacks.
• BrickStor SP detects irregular and malicious behavior and then alerts the organization’s security or infrastructure team to stop the user and host from being able to steal, manipulate, or access files until the behavior is investigated and, as needed, mitigated.
Using this software-defined storage technology should provide confidence that it can replace and modernize an existing NAS platform. BrickStor SP can run as a virtual machine at the edge or in the cloud, and it can easily leverage existing storage capacity already within the infrastructure.
Organizations using BrickStor SP should see several key benefits. For example, this solution:
- Automatically detects and stops insider threats and ransomware attacks on file data.
- Automatically maintains immutable copies of files for rapid file-level recovery.
- Instantly reports on what files were accessed.
- Automatically alerts security and infrastructure teams via email and webhooks with customized responses and automatic incident reporting.
- Delivers essential features to modernize existing production NAS storage.
"Organizations need to assume they’re going to be attacked. And when they discover that they’re under attack, they need to understand how they are going to be able to operate and continue to deliver critical services… RackTop provides a way to protect the data, with a solution that isolates/segments infections while allowing a business to continue to operate—versus shutting down and then ultimately paying the ransom."
Scott Sinclair, Senior Analyst, ESG
The Bigger Truth
With ransomware attacks gaining a higher profile, people are beginning to realize that a decision that an unknown IT person made in the past can directly affect their wallets and life. Suddenly, customers find that they can’t fill up their gas tanks because somebody within IT at an unfamiliar company wasn’t serious about data security. People wouldn’t have made that connection not too long ago.
At ransomware-targeted organizations, often the IT infrastructure is an afterthought. Those businesses focus on running their core operations, not on “being a technology company.” Smaller companies such as ferry services are being targeted because their areas of expertise lie so far from fundamental IT. They’re hit with an attack and the ramifications are felt by all. Some businesses have even had to shut down temporarily. That was their only option because they didn’t have a cyber-resilient architecture.
Organizations need to assume they’re going to be attacked. And when they discover that they’re under attack, they need to understand how they are going to be able to operate and continue to deliver critical services.
Cybersecurity is a broad topic. There’s great focus on the network, but data security and zero trust are equally important. Don’t just implement a zero trust VPN; protect the data, too. The data is what the bad guys are after.
Fortunately, RackTop provides a way to protect the data, with a solution that isolates/segments infections while allowing a business to continue to operate—versus shutting down and then ultimately paying the ransom.
Data Security Platform for Unstructured Data
DOWNLOAD PDF REPORT
This ESG Showcase was commissioned by RackTop Systems and is distributed under license from ESG.
1 Source: ESG Research Report, Data Storage Trends in an Increasingly Hybrid Cloud World, Mar 2020.
2 Source: ESG Research Report, 2021 Technology Spending Intentions Survey, Jan 2021.
3 ibid.
4 ibid.
5 Source: ESG Master Survey Results, 2021 Technology Spending Intentions Survey, Dec 2020.
6 ibid.
7 Source: ESG Research Report, Tape’s Place in an Increasingly Cloud-based IT Landscape, Dec 2020.
8 ibid.
All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.
Enterprise Strategy Group | Getting to the Bigger Truth™
Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.