“Never Trust, Always Verify” is the concept behind “Zero Trust”. The “Zero Trust” security framework was coined by former Forrester Vice President and Principal Analyst John Kindervag, who created the idea of Zero Trust in 2009 to oppose the outdated assumption that everything inside an organization’s network should be trusted. As well-constructed firewalls became insufficient to deter intruders, it became clear that this traditional approach, which had served corporate IT for several years, required a new model.
The initial approach, back in 2009, was the concept of Micro-Segmentation, which is a network security technique that enables security architects to logically divide the data center into distinct security segments down to the individual workload level, and then define security controls and deliver services to each unique segment.
Today, the Zero Trust framework has been improved into the Zero Trust eXtended Ecosystem. The Zero Trust architecture now includes multiple components, all of which share responsibility for securing data and preventing data breaches. The Zero Trust eXtended (ZTX) architecture components include:
- Networks – the digital paths data moves on throughout the lifecycle
- Devices – mobile, desktop, tablet, or any device that connects to the internet
- People – employees, office guests, partners, customers, malicious actors
- Workloads – applications, data movement and processing
- Data – the actual content that Zero Trust is focused on securing
Each of the components plays a role in securing data as you apply the concept of Zero Trust to data access.
With Zero Trust implemented correctly, data breaches can be eliminated or minimized to small datasets. However, some breaches still occur because organizations do not rely on zero trust data security solutions. Data is the new oil, and it is precisely the “DATA” that outsiders and insiders are after when trying to exfiltrate data from your organization.
As a result, what enterprises need to do is implement zero trust data security principles in addition to all the other security tools. Data security should have granular controls: beyond basic authorization for users and devices, your security team should use controls over endpoint applications, networks, SaaS, cloud applications, and data usage such as copy and paste.
Make sure these controls don’t allow unauthorized or unknown processes to access data. New or unauthorized applications that access data can cause ransomware attacks. Data security needs to be persistent. You should secure your data at all times: at rest, in transit and in use.
Make sure to secure data exported from SaaS services and/or internal applications, and make sure that it remains secured throughout its entire life cycle. Data security should be applied to the data itself, not at the file level.
The recommendation is to look for solutions that persistently protect data by default so that you remain in control, even when information flows into your vendors’ hands, and even when it inevitably flows into the wrong hands. Ideally, the solution should provide a completely transparent experience to the end users. Today threats come from outsiders as well as insiders; the data itself should be protected from both.
By Carlos Liendo – Security Advisor – Over 40 years of executive experience in the Technology industry, running software development as well as sales and marketing organizations. In the last 7 years has been involved in providing data security solutions.