What Does Myriad Bring to the Zero Trust Cloud Game?
When it comes to discussions of cloud security, the issue of malicious insiders isn’t one that comes up terribly often. The lessons of the Capital One breach, however, teach us that we can’t automatically trust any single user or machine.
The “castle and moat” method of cloud security no longer make sense. We can’t just protect data from the outside while allowing access to anyone on the inside. We also can’t put all our trust in a single cloud vendor.
Zero Trust cloud security solves both issues. First, it requires any person from inside or outside the network to verify their credentials before accessing any resources. Second, data isn’t stored in just one place, but instead is broken up and distributed among several different cloud vendors.
In this blog, we’ll talk about some of the unique vulnerabilities of cloud storage. Then, we’ll discuss the way Myriad is addressing them through Zero Trust cloud
The Issues with Traditional Cloud Security
When considering the possible repercussions of a security breach, you can never be too careful. Some estimates place the cost to Capital One at up to $500 million dollars. That’s for a breach caused by a single individual with malicious intent.
The older model of data security placed everything sensitive behind a firewall. But the potential for breaches with that system is high: it provides the same security for everyone “on the inside.” So, for example, someone in sales might have access to accounting documents.
Traditional cloud security relies on trusting internal employees to do the right thing 100% of the time. Yet this leaves vulnerable data virtually unprotected from anyone on the inside with malicious intent. Creating more internal barriers and more firewalls can be useful. It may keep employees from accessing parts of the network they don’t need for their job.
Considering the Cloud, Covering the Bases
Most employees are trustworthy and can be counted on not to exploit sensitive data. But “most” is not “all,” and network security requires more certainty.
The philosophy of Zero Trust ensures that someone does attempt to pull off a breach, they aren’t likely to be successful. These precautions are taken to limit access and protect information from employees inside the organization. Shouldn’t it follow that outside cloud vendors be held to the same standard?
This is where Zero Trust cloud storage comes in!
We can’t automatically assume that outside vendors hold the same security standards as the companies they serve. Nor can a catastrophic failure of existing security methods on the part of even the most vigilant vendor be discounted.
There are other issues at play as well. Replication services such as Amazon Web Services span across different geographic distances and data centers, but what happens if something that impacts the organization at AWS impacts your ability to access or protect that data?
What if a vendor is hit by something like the Stuxnet virus, which hops from system to system until everything is destroyed?
Concerns like this make it imperative for companies to create redundancy among several vendors.
Encryption and Futureproofing
Looking forward, archives are must be retained in the cloud for decades to come. With that in mind, it’s important to consider the security threats of the future.
It might sound a little crazy, but it’s a good idea to prepare for threats that haven’t even been invented yet. Long-term cloud storage solutions should enjoy long-term security and foresight.
There are several ways one might futureproof the data you store. You might consider:
· The possibility of brute force attacks from next-gen computers
· Which documents need encryption (and what kind)
· How long documents must be stored and encrypted
By splitting data up into small pieces and encrypting them, brute force hacking or decryption become nearly impossible. In that instance, decrypted data would still be useless to a hacker. There wouldn’t be enough usable information to make any sense of the data they decrypted.
Introducing Zero Trust Cloud Security
In a perfect world, you wouldn’t have to rely on anybody else to manage sensitive or business critical information. Instead, you could be sure that nobody else could be responsible for breaches to your data.
Unfortunately, that is not the case. So, when dealing with outside vendors, it’s important to ask, “who can you trust?”
By answering “no one,” and developing solutions with that assumption in mind, Myriad removes outside vendors as points of vulnerability.
What Are the Benefits of Zero Trust Security?
Any data that reaches and sits on outside vendor servers is encrypted (local or client side), which is pretty standard practice.
Myriad goes one step further, though. Myriad shards the data and spreads it across independent vendors. (Sharding means breaking the data into small block sizes.)
Sharding effectively eliminates that outside point of vulnerability. Even if there is a breach at one of the vendors—or if a physical device is tampered with—no usable information would be available. They would get only an unusable fraction of the data they sought. Essentially, it means that if anyone reaches into the cookie jar, all they’ll find are crumbs.
Sharding Increases Data Availability, Too
Data availability should also be a concern for cloud security. That “Zero Trust” designation assumes no trust in the resiliency of data.
Sharding does spread data across multiple vendors. Wouldn’t that expose your data to the threats of each vendor?
What happens if one of those vendors experiences a service disruption or catastrophic data loss from a Stuxnet-like virus?
Myriad is also inspired by RAID technology to increase system resilience. This means we include specially calculated values (parity or XOR values) in the distributed data fragments. Users are thus protected from any service outages or data loss at the attached cloud vendors:
On their own, these values add no additional value to hackers. However, when combined with the matching fragments on any other cloud storage node, they can recreate any missing values. The result is better data availability and protection against outages than replication.
Zero Trust Cloud Security Takeaways
The unique Zero Trust cloud security service provided by Myriad is useful for any organization storing sensitive data, such as medical, legal, or financial information. It is particularly beneficial to the financial services industry, largely because of regulatory concerns around security risks that come with cloud storage.
Even if a breach wouldn’t be as large-scale as an Equifax or Capital One, it could still devastate an organization financially and publicly. By protecting user access points, keeping encryption keys safe, and decentralizing data, Myriad provides a distinctive and secure solution.
Subscribe to our blog to read more about cloud security and data resilience. Or follow the links below to see what else we’ve written lately.