The Zero to Hero Dynamics to Data Protection – Zero Trust Data Protection (ZTDP)
  • Posted by: admin

With increasing digitalization, the continuous integration of information technology into business, and the criticality of data, the Zero Trust security framework, originally developed by Forrester Research analyst John Kindervag in 2009, discarded the idea and practice wherein organizations have a “trusted” internal network and an “untrusted” external network. Kindervag is best known for creating the revolutionary Zero Trust Model of Cybersecurity, the buzzword in contemporary information system management.

Driven by the need to dynamically meet the access and usability demands of modern employees and consumers, further aggravated by the shift to the new world of work, both public and private organizations are moving towards a more robust and comprehensive security posture that is centred around the zero trust principle of “never trust, always verify.”

Basically, Zero Trust is about moving away from traditional perimeter-based security approaches and embracing a workload-first, data-driven, and identity-aware security model. This model can improve security and serve as a critical lever to improve the employee experience (EX). It stresses the need for information system security teams to eliminate the dangerous trust assumptions underpinning perimeter-based security architectures, and to embrace the Zero Trust mindset, which says “do not trust anything you are not required to trust and verify everything that must be trusted.”

It must be acknowledged that data sharing is the basis for all business processes and the cardinal driver of operations and productivity in organizations. Netskope reported that in today’s world, more than 50% of organizations’ data is in the cloud and the typical enterprise now deploys more than 2,400 cloud applications. At the same time, data protection remains the nexus between cloud apps, web services, and an increasingly larger number of remote users in support of modern business initiatives. This further increases data dispersion in the web and cloud, across personal, private, and corporate instances, increasing the risk of data exfiltration and inadvertent, or intentional, exposure. Hence, it goes without saying that data protection is more difficult today than ever before. As revealed by Netskope Threat Labs research, sensitive data increasingly moves laterally across cloud applications, such as from Microsoft Teams to OneDrive or SharePoint. A growing trend is employees exchanging data between corporate and personal app instances. The research finds that 83% of employees use personal app instances on managed devices, with an average of 20 file uploads each month to these personal apps.

At this juncture, it is important to note that data compromise can emanate in many different ways, from both external and internal threats. While external threats can come in the form of malware or ransomware, internal threats often come through malicious insiders working from behind trusted accounts. Insiders can become a threat simply by clicking a phishing link or being tricked by a social engineering attack. Missing a database update or a minor misconfiguration could be just the hole an attacker needs to subvert a business. Zero trust is a framework that should address all of these potential attack vectors.

Findings from Security Intelligence studies revealed that, according to the Cost of a Data Breach report, organizations that have not deployed a zero-trust program faced data breach costs averaging $5.04 million. Those that were zero trust “mature” saw those costs decrease by $1.76 million. Even the firms in the “early stage” of deployment are faced with an average burden of $660,000. In short, zero trust can mitigate the impact of a breach, but with only 35% of organizations having deployed this framework, it is critical to understand what it is and how it helps.

In the light of the foregoing, Netskope further created a new security framework referred to as the Zero Trust Data Protection (ZTDP), which is the application of the zero trust concept to data protection.  Flowing from the logic of Zero Trust, Zero Trust Data Protection is the concept of not inherently trusting any user, device, application, or service with data access.

While the zero-trust concept is usually applied towards access to networks, devices, and servers, the rapid growth of cloud computing has shifted the requirements of zero trust towards data protection. It’s not enough to apply zero trust to networks when data is not stored locally as often and is, instead, stored across numerous SaaS, IaaS, and PaaS clouds. To this end, data in the cloud is conceived as a building full of rooms with locked doors and each lock has its own individual key, wherein user access is granted only to the room with the exact data that they need and nothing else.

Why Zero Trust in Data Protection?

At this point, it should be clear that Zero Trust is not a technology but an architectural philosophy and strategy which, when duly orchestrated and implemented, comes with the following benefits, among others:

  • Continuous risk assessment
  • Data context and sensitivity awareness, for better policy enforcement
  • Enables safe access-from-anywhere
  • Ensures data is protected everywhere – both at rest and in transit
  • Adheres to the current Nigerian Data Protection Regulation (NDPR) and other data protection compliance standards

Essentially, Zero Trust Data Protection can be seen as the brain, while Secure Access Service Edge (SASE) is the central nervous system that connects your entire security infrastructure. Zero Trust Data Protection is the first line of defence against unauthorized data access and exfiltration. As such, when combined with security tools in a SASE architectural framework, Zero Trust Data Protection allows administrators to set targeted and granular rules that adhere to company policies of data access while benefiting from the straightforwardness and efficiency of SASE. These policy controls are broken down into numerous parameters, including:

  • Users
  • Devices
  • Applications
  • Threat types
  • Geographical locations
  • Access times
  • Data context
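
To show how rules built from these parameters combine into a default-deny decision, here is an added example (not part of the original article and not Netskope's code). The field names, groups, countries and the two sample rules are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:               # one data-access attempt (all field names are assumptions)
    user_group: str
    device_managed: bool
    app_instance: str        # "corporate" or "personal"
    threat_verdict: str      # "clean" or a detected threat type
    country: str
    at: time
    data_label: str          # data context: "public", "internal", "confidential"

@dataclass(frozen=True)
class Rule:
    name: str
    user_groups: frozenset
    require_managed: bool
    app_instances: frozenset
    countries: frozenset
    window: tuple            # (start, end) access times, inclusive
    data_labels: frozenset

    def matches(self, r: Request) -> bool:
        # Every parameter must match; a single mismatch means the rule grants nothing.
        return (r.user_group in self.user_groups
                and (r.device_managed or not self.require_managed)
                and r.app_instance in self.app_instances
                and r.country in self.countries
                and self.window[0] <= r.at <= self.window[1]
                and r.data_label in self.data_labels)

# Constructed sample policy: each rule opens exactly one "room" and nothing else.
RULES = [
    Rule("finance-confidential", frozenset({"finance"}), True, frozenset({"corporate"}),
         frozenset({"NG"}), (time(7), time(19)), frozenset({"confidential"})),
    Rule("staff-internal", frozenset({"finance", "staff"}), False, frozenset({"corporate"}),
         frozenset({"NG", "GB"}), (time(0), time(23, 59)), frozenset({"public", "internal"})),
]

def decide(req: Request, rules=RULES):
    """Return (decision, reason). Access exists only where a rule grants it."""
    if req.threat_verdict != "clean":          # a detected threat overrides any allow rule
        return ("deny", "threat:" + req.threat_verdict)
    for rule in rules:
        if rule.matches(req):
            return ("allow", rule.name)
    return ("deny", "default-deny")            # no implicit trust for anything unmatched
```

With this sample policy, a finance user on a managed device is allowed to reach confidential data in the corporate app instance during the access window, while the same request aimed at a personal app instance falls through to the default deny.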