Saturday, February 7, 2026

Zero trust security best practices: never trust, always verify

Zero trust security is built on a simple but uncompromising idea: trust should never be assumed. Every user, device, application, and system interaction must be verified continuously, regardless of where it originates. This model rejects the idea of a trusted internal network and instead assumes that compromise is always possible.

As organizations adopt cloud services, support remote work, and manage data across hybrid environments, zero trust has become a foundational security principle. But while much of the zero trust conversation focuses on identity, access, and network controls, one area is often underemphasized: data and storage. When attackers inevitably bypass perimeter defenses, storage systems and backups become the final line of defense.

This guide explores zero trust security best practices with a deliberate focus on data protection, backup, and storage resilience.

What is zero trust security?

Zero trust security is a cybersecurity model that eliminates implicit trust. No user, device, or system is trusted by default, whether it is inside or outside the network. Every access request is evaluated dynamically based on identity, context, policy, and risk.

Key characteristics of zero trust security include:

  • Continuous authentication and authorization
  • Least privilege access for all identities
  • Explicit verification of devices and workloads
  • Strong protection of sensitive data at every layer

Rather than relying on static network boundaries, zero trust shifts enforcement closer to the resources themselves—especially data.

Why zero trust matters in modern environments

Traditional perimeter-based security assumed that once attackers were kept out, internal systems were safe. That assumption no longer holds. Phishing, credential theft, misconfigurations, and supply chain compromises allow attackers to operate using legitimate access.

Once inside, attackers often target data directly. Ransomware, data exfiltration, and backup destruction are common next steps. Zero trust responds to this reality by assuming breach and designing controls to limit impact rather than prevent every intrusion.

In this context, protecting access is necessary—but protecting data integrity and recoverability is critical.

Core principles behind zero trust

Zero trust security is guided by four core principles:

  • Explicit verification: Every request must be authenticated and authorized using multiple signals.
  • Least privilege: Access is narrowly scoped and time-bound.
  • Assume breach: Systems are designed with the expectation that attackers may already be present.
  • Continuous evaluation: Trust is reassessed throughout the lifecycle of access and usage.

These principles apply not only to networks and identities, but also to how data is stored, accessed, and protected.

Zero trust security best practices

1. Treat identity as the primary security boundary

In a zero trust model, identity replaces the network perimeter as the main control plane. Strong identity management is essential for both users and machines.

Multi-factor authentication should be mandatory for all users, with additional safeguards for privileged roles. Service accounts and applications must also authenticate securely and rotate credentials regularly.

Identity verification should be contextual, factoring in behavior, device posture, and access patterns rather than relying solely on static credentials.

2. Enforce least privilege across users, applications, and services

Least privilege limits the damage attackers can do if credentials are compromised. Users should only have access to the data and systems required for their role, and nothing more.

This applies equally to:

  • Human users
  • Applications and APIs
  • Automation and backup processes

Permissions should be reviewed continuously. Excessive or persistent privileges are one of the most common enablers of lateral movement and data exposure.

3. Segment networks and workloads deliberately

Segmentation remains an important zero trust control, but it should be used to protect critical systems rather than as the primary defense.

Production environments, management planes, and backup systems should be isolated from one another. Access between segments should be explicit, authenticated, and logged.

Segmentation becomes especially important for protecting storage and backup infrastructure from compromised production credentials.

4. Validate device posture continuously

Zero trust requires verifying not just who is accessing data, but from what device. Endpoint security posture—patch levels, encryption, and security tooling—should influence access decisions.

A valid user on a compromised or non-compliant device should not receive the same access as a compliant endpoint. This is particularly important when accessing sensitive data or backup systems.
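The three practices above (identity as the control plane, least privilege, device posture) come together at a policy decision point. The following is an added example, not code from the article: a small evaluator that denies any request without MFA, checks that the caller's role carries an explicit grant for the exact resource and action, degrades a non-compliant device to read-only on low-sensitivity data, and requires fresh step-up authentication plus a short grant lifetime for destructive backup actions. The role names, posture signals, thresholds and sample requests are all assumptions made for illustration.

```python
"""Context-aware access decision for a zero trust policy point.

Added example (not from the article). Roles, grants, posture signals and
time thresholds below are illustrative assumptions.
"""
from dataclasses import dataclass
from datetime import timedelta
from typing import List, Optional

# Assumed role-to-grant map: each role may perform only these (resource, action) pairs.
ROLE_GRANTS = {
    "analyst": {("dataset", "read")},
    "backup-operator": {("backup", "read"), ("backup", "write")},
    "backup-admin": {("backup", "read"), ("backup", "write"), ("backup", "delete")},
}

STEP_UP_MAX_AGE = timedelta(minutes=5)   # destructive actions need a recent strong auth


@dataclass
class Device:
    patched: bool
    disk_encrypted: bool
    edr_running: bool

    def compliant(self) -> bool:
        return self.patched and self.disk_encrypted and self.edr_running


@dataclass
class Request:
    principal: str
    role: str
    mfa_verified: bool
    mfa_age: timedelta        # time since the last strong authentication
    device: Device
    resource_class: str       # "dataset" or "backup"
    sensitivity: str          # "low" or "high"
    action: str               # "read", "write" or "delete"


@dataclass
class Decision:
    allow: bool
    reasons: List[str]
    ttl: Optional[timedelta] = None   # how long the grant stays valid before re-evaluation


def evaluate(req: Request) -> Decision:
    reasons: List[str] = []

    # Explicit verification: a static credential alone never satisfies the policy.
    if not req.mfa_verified:
        return Decision(False, ["mfa required for every request"])

    # Least privilege: the role must carry this exact (resource, action) grant.
    if (req.resource_class, req.action) not in ROLE_GRANTS.get(req.role, set()):
        return Decision(False, [f"role {req.role!r} has no grant for {req.action} on {req.resource_class}"])

    # Device posture: a valid user on a non-compliant endpoint gets reduced access, not full access.
    if not req.device.compliant():
        if req.sensitivity == "high" or req.action != "read":
            return Decision(False, ["non-compliant device: read-only access to low-sensitivity data"])
        reasons.append("non-compliant device: degraded access")

    # Destructive backup actions: fresh step-up authentication and a short-lived grant.
    if req.resource_class == "backup" and req.action == "delete":
        if req.mfa_age > STEP_UP_MAX_AGE:
            return Decision(False, ["step-up authentication required for backup delete"])
        return Decision(True, reasons + ["backup delete: short-lived grant"], timedelta(minutes=15))

    # Continuous evaluation: grants on sensitive data expire sooner and are re-checked.
    ttl = timedelta(hours=1) if req.sensitivity == "low" else timedelta(minutes=30)
    return Decision(True, reasons + ["policy satisfied"], ttl)


if __name__ == "__main__":
    laptop = Device(patched=False, disk_encrypted=True, edr_running=True)
    req = Request("alice", "analyst", True, timedelta(minutes=2), laptop, "dataset", "high", "read")
    print(evaluate(req))   # denied: unpatched device asking for high-sensitivity data
```

The order of checks matters: identity and MFA first, then the grant, then posture, then the action-specific step-up. Each rule returns the reason for its decision so that the denial itself becomes a useful audit record.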

5. Secure data itself, not just access paths

Zero trust architectures must treat data as a first-class security concern. Encryption, access controls, and policy enforcement should follow the data wherever it resides.

All data in transit should be protected with strong transport encryption, including internal system-to-system communication. Data at rest should be encrypted by default across primary storage, secondary storage, and backups.

Encryption alone is not enough. Strong key management, access auditing, and separation of duties are required to ensure that data remains protected even if infrastructure or credentials are compromised.

6. Monitor and log all data access and usage

Visibility is a prerequisite for zero trust. Organizations must be able to see who is accessing data, when, and how.

Access to sensitive datasets, backup repositories, and storage management interfaces should be logged centrally and monitored continuously. Anomalous behavior—such as sudden mass deletions or unusual access times—should trigger alerts and automated responses.

Monitoring data access is often more valuable than monitoring network traffic alone, as it reveals intent rather than just movement.
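As an added example (not from the article), the detector below runs the two anomaly rules mentioned above over a constructed storage audit log: a burst of deletions by one principal inside a short window, and access to backup objects outside normal hours. The log format, the thresholds and every line in the sample are assumptions made for this illustration; a real deployment would consume the audit stream of its own storage platform.

```python
"""Detect mass deletions and off-hours backup access in a storage audit log.

Added example (not from the article). The log format, thresholds and the
sample lines are constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log: "<ISO-8601 UTC timestamp> <principal> <action> <object key>".
SAMPLE_LOG = """\
2026-02-07T09:15:02Z svc-backup WRITE backups/db/2026-02-07.tar
2026-02-07T09:16:10Z alice READ datasets/customers.parquet
2026-02-07T02:41:05Z bob READ backups/db/2026-02-06.tar
2026-02-07T14:02:00Z carol DELETE backups/db/2026-01-01.tar
2026-02-07T14:02:03Z carol DELETE backups/db/2026-01-02.tar
2026-02-07T14:02:05Z carol DELETE backups/db/2026-01-03.tar
2026-02-07T14:02:09Z carol DELETE backups/db/2026-01-04.tar
2026-02-07T14:02:12Z carol DELETE backups/db/2026-01-05.tar
2026-02-07T14:02:14Z carol DELETE backups/db/2026-01-06.tar
2026-02-07T15:30:00Z alice DELETE datasets/tmp/scratch.csv
"""

MASS_DELETE_THRESHOLD = 5                    # this many deletes by one principal ...
MASS_DELETE_WINDOW = timedelta(seconds=60)   # ... within this sliding window
OFF_HOURS = range(0, 6)                      # 00:00-05:59 UTC is treated as unusual (assumed)
SENSITIVE_PREFIXES = ("backups/",)           # object prefixes that get the off-hours rule


def parse_line(line):
    """Split one audit line into (timestamp, principal, action, object)."""
    ts, principal, action, obj = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), principal, action, obj


def detect(log_text):
    """Return a list of (rule, principal, timestamp) alerts, in event-time order."""
    events = sorted(parse_line(line) for line in log_text.splitlines() if line.strip())
    alerts = []
    recent_deletes = defaultdict(deque)   # principal -> timestamps of deletes inside the window
    already_fired = set()                 # one mass-delete alert per principal

    for ts, principal, action, obj in events:
        # Rule 1: access to backup objects at an unusual time of day.
        if ts.hour in OFF_HOURS and obj.startswith(SENSITIVE_PREFIXES):
            alerts.append(("off-hours-access", principal, ts))

        # Rule 2: sliding-window count of deletes per principal.
        if action == "DELETE":
            window = recent_deletes[principal]
            window.append(ts)
            while window and ts - window[0] > MASS_DELETE_WINDOW:
                window.popleft()
            if len(window) >= MASS_DELETE_THRESHOLD and principal not in already_fired:
                alerts.append(("mass-delete", principal, ts))
                already_fired.add(principal)
    return alerts


if __name__ == "__main__":
    for rule, who, when in detect(SAMPLE_LOG):
        print(f"{when:%Y-%m-%d %H:%M:%S} {rule:<18} {who}")
```

Sorting by timestamp before evaluating keeps the sliding window correct even when the collector delivers events out of order. In practice the mass-delete alert would also feed an automated response, such as revoking the principal's session, which is the kind of reaction the text calls for.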

7. Harden infrastructure with an assume-breach mindset

Zero trust assumes that attackers will eventually reach internal systems. Infrastructure should therefore be hardened to limit the damage they can cause.

This includes:

  • Removing default credentials
  • Restricting administrative access
  • Enforcing strong authentication for management interfaces
  • Applying consistent security baselines

Storage and backup systems should be hardened just as aggressively as compute and network components.

8. Zero trust data storage: the final line of defense

When identity controls fail and networks are breached, storage becomes the last barrier between attackers and irreversible damage.

Zero trust data storage assumes that attackers may reach storage systems and designs protections accordingly. Access to storage should be tightly controlled, audited, and segmented from production environments.

Backup systems are particularly critical. Modern ransomware attacks routinely attempt to delete or encrypt backups to prevent recovery. If backups are treated as implicitly trusted internal systems, they become easy targets.

Zero trust principles require that:

  • Backup systems authenticate users and services explicitly
  • Access to delete or modify backups is highly restricted
  • Backup environments are isolated from production credentials
  • Administrative actions are logged and monitored

By treating storage as a hostile environment rather than a trusted one, organizations can preserve data integrity even during active attacks.

9. The role of immutable storage in zero trust

Immutable storage plays a critical role in zero trust architectures by protecting data against both external attackers and compromised insiders.

Immutability ensures that once data is written, it cannot be modified or deleted for a defined retention period. This directly addresses one of the most damaging attack techniques: the destruction of backups.

Within a zero trust model, immutable storage:

  • Enforces least privilege at the data layer
  • Prevents malicious or accidental deletion
  • Provides a reliable recovery point after ransomware events
  • Reduces dependence on perimeter defenses

Immutable backups align naturally with the “assume breach” mindset. Even if attackers gain administrative access elsewhere, immutability ensures that recovery data remains intact.
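To make the behaviour described in sections 8 and 9 concrete, here is an added example (not from the article and not any vendor's implementation) of a toy backup object store with write-once retention locks. An object written under a lock cannot be overwritten or deleted until the lock expires, whatever identity asks; even after expiry, deletion is limited to a separate retention principal rather than to the production administrator. The scenario function walks through an attacker holding administrative credentials trying to destroy a backup. The key names, retention period and principal names are assumptions.

```python
"""Toy backup store with retention-locked (immutable) objects.

Added example (not from the article). Models the control the text
describes: once written, an object cannot be modified or deleted for a
retention period, regardless of who asks. Names and periods are assumed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib

# Assumed: the only principal allowed to delete expired objects, kept separate from production admins.
DELETE_PRINCIPALS = {"retention-job"}


class ImmutabilityViolation(PermissionError):
    """Raised when a write or delete would touch a retained object."""


@dataclass(frozen=True)
class LockedObject:
    data: bytes
    sha256: str
    written_at: datetime
    retain_until: datetime


class ImmutableBackupStore:
    def __init__(self, retention: timedelta, clock=None):
        self.retention = retention
        self.clock = clock or (lambda: datetime.now(timezone.utc))  # injectable for testing
        self._objects = {}

    def put(self, key: str, data: bytes) -> LockedObject:
        now = self.clock()
        existing = self._objects.get(key)
        if existing and now < existing.retain_until:
            raise ImmutabilityViolation(f"{key} is retained until {existing.retain_until:%Y-%m-%d}")
        obj = LockedObject(bytes(data), hashlib.sha256(data).hexdigest(), now, now + self.retention)
        self._objects[key] = obj
        return obj

    def delete(self, key: str, principal: str) -> None:
        obj = self._objects[key]
        # The lock is enforced at the data layer: no role bypasses it.
        if self.clock() < obj.retain_until:
            raise ImmutabilityViolation(f"{principal} may not delete {key} before {obj.retain_until:%Y-%m-%d}")
        # After expiry, deletion is still a restricted privilege.
        if principal not in DELETE_PRINCIPALS:
            raise PermissionError(f"{principal} is not permitted to delete backups")
        del self._objects[key]

    def verify(self, key: str) -> bool:
        """Recompute the digest recorded at write time to confirm the object is unchanged."""
        obj = self._objects[key]
        return hashlib.sha256(obj.data).hexdigest() == obj.sha256

    def count(self) -> int:
        return len(self._objects)


def simulate_ransomware_attempt():
    """Constructed scenario: an attacker with admin credentials tries to destroy a backup."""
    t0 = datetime(2026, 2, 7, tzinfo=timezone.utc)
    now = [t0]                                   # mutable clock so the scenario can advance time
    store = ImmutableBackupStore(timedelta(days=30), clock=lambda: now[0])
    key = "db/2026-02-07.tar"
    store.put(key, b"backup payload (constructed)")
    outcome = {}

    try:                                         # delete during retention: blocked for everyone
        store.delete(key, principal="admin")
        outcome["delete_during_retention"] = "allowed"
    except ImmutabilityViolation:
        outcome["delete_during_retention"] = "blocked"

    try:                                         # overwrite during retention: also blocked
        store.put(key, b"encrypted by ransomware")
        outcome["overwrite_during_retention"] = "allowed"
    except ImmutabilityViolation:
        outcome["overwrite_during_retention"] = "blocked"

    outcome["integrity_intact"] = store.verify(key)

    now[0] = t0 + timedelta(days=31)             # retention lapses
    try:                                         # admin still lacks the delete privilege
        store.delete(key, principal="admin")
        outcome["admin_delete_after_retention"] = "allowed"
    except PermissionError:
        outcome["admin_delete_after_retention"] = "blocked"

    store.delete(key, principal="retention-job")  # the retention process may now expire it
    outcome["delete_after_retention"] = "allowed"
    outcome["remaining_objects"] = store.count()
    return outcome


if __name__ == "__main__":
    for step, result in simulate_ransomware_attempt().items():
        print(f"{step:<32} {result}")
```

The clock is injected rather than read from the system so that the retention boundary can be tested deterministically; in a real object store the equivalent of `retain_until` is set by the platform's object-lock feature and cannot be shortened by the writer.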

10. Build zero trust into data operations and recovery planning

Zero trust is not complete without operational readiness. Data recovery workflows should assume compromised credentials and hostile conditions.

This means:

  • Testing restores regularly
  • Verifying that backup access controls work under attack scenarios
  • Ensuring recovery processes do not rely on a single trusted identity

Operational discipline turns zero trust from an architectural concept into a practical resilience strategy.
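The restore drill below is an added example (not from the article) that exercises two of the items in the list above: a restore is refused unless two distinct approvers from an allowlist sign off, so no single identity can drive recovery, and the backup set is checked against the digest manifest recorded at backup time before anything is written back. The backup contents, manifest and approver identities are constructed for illustration.

```python
"""Restore drill: manifest integrity check plus two-person approval.

Added example (not from the article). Files, digests and approver
identities are constructed; the restore target is a plain dict.
"""
import hashlib

# Constructed backup set and the SHA-256 manifest recorded when it was taken.
BACKUP_SET = {
    "etc/app.conf": b"listen=443\n",
    "db/users.sql": b"INSERT INTO users VALUES (1, 'alice');\n",
}
MANIFEST = {name: hashlib.sha256(data).hexdigest() for name, data in BACKUP_SET.items()}

# Assumed allowlist of identities that may approve a recovery.
RECOVERY_APPROVERS = {"alice@ops", "bob@ops", "carol@security"}


class RecoveryDenied(Exception):
    pass


def verify_backup_set(files, manifest):
    """Return the sorted names of files that are missing or whose digest does not match (empty = intact)."""
    bad = [name for name, data in files.items()
           if hashlib.sha256(data).hexdigest() != manifest.get(name)]
    bad += [name for name in manifest if name not in files]
    return sorted(bad)


def authorize_restore(approvals, required=2):
    """Dual control: count distinct allowlisted approvers; repeats and outsiders do not count."""
    distinct = {a for a in approvals if a in RECOVERY_APPROVERS}
    if len(distinct) < required:
        raise RecoveryDenied(f"need {required} distinct approvers, got {len(distinct)}")
    return distinct


def restore(files, manifest, approvals):
    """Run the drill: authorize, verify integrity, then restore into a dict standing in for the target."""
    approvers = authorize_restore(approvals)
    corrupted = verify_backup_set(files, manifest)
    if corrupted:
        raise RecoveryDenied(f"integrity check failed for: {corrupted}")
    return {"restored": dict(files), "approved_by": approvers}


if __name__ == "__main__":
    tampered = dict(BACKUP_SET)
    tampered["db/users.sql"] = b"INSERT INTO users VALUES (1, 'mallory');\n"
    print("tampered files:", verify_backup_set(tampered, MANIFEST))
    try:
        restore(BACKUP_SET, MANIFEST, ["alice@ops", "alice@ops"])
    except RecoveryDenied as exc:
        print("denied:", exc)
    print(restore(BACKUP_SET, MANIFEST, ["alice@ops", "bob@ops"])["approved_by"])
```

The manifest must itself live somewhere the attacker cannot rewrite, such as the retention-locked store discussed earlier; otherwise a tampered backup can be paired with a matching tampered manifest and the check proves nothing.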

Bringing zero trust and data resilience together

Zero trust security is often framed as an identity and network problem, but its success ultimately depends on protecting data. Identity controls reduce risk. Segmentation slows attackers. But storage and backups determine whether an organization can recover.

By extending zero trust principles to data storage—through encryption, access controls, monitoring, and immutability—organizations ensure that even when defenses fail, data remains protected and recoverable.

Zero trust is not about eliminating trust entirely. It is about placing trust where it belongs: in verified controls, resilient systems, and data architectures designed to withstand failure.