Rethinking data protection in the 2020s

This article makes some interesting observations about the architectural differences between ARM and x86, but here's the challenge: if data is distributed across public cloud(s), private clouds, edge computing, etc., how do you back it up and restore it in a secure way? Backup processes generally run at a high level of trust, which makes them a juicy target:

 

[…] Zero trust is the new mandate and what realms do is create separation of vulnerable components by creating a physical bucket to deposit code and data, away from the OS. Remember, the OS is one of the most valuable entry points for hackers because it contains privileged access. It’s also a weak link because of things such as memory leakages and other vulnerabilities. Malicious code can be placed by bad guys within data inside the OS and appear benign – even though it’s anything but.

So in this architecture, all the OS does is create application programming interface calls to the realm controller. That’s the only interaction with the data, which makes it much harder for bad actors to get access to the code and data. And it’s an end-to-end architecture, so there’s protection throughout.

The link to data protection is that backup needs to be the most trusted of applications because it’s one of the most targeted areas in a cyberattack. Realms provide an end-to-end separation of data and code from the OS and are a better architectural construct to support zero trust and confidential computing in critical use cases such as data protection/backup and other digital business applications.

Our call to action is: Backup software vendors, you can lead the charge. Arm is several years ahead at the moment in our view, so pay attention to that and use your relationships with Intel to accelerate its version of this architecture.

[…]

Original article