How many different ways can data be compromised? First, both external and internal threats can target it. External threats can come in the form of malware or ransomware. Meanwhile, internal threats can come from malicious insiders working from behind trusted accounts. Insiders can become a threat simply by clicking a phishing link or being tricked by a social engineering attack. Missing a database update or minor misconfiguration could be just the hole an attacker needs to infiltrate a business. Zero trust is a framework that should address all of these potential attack vectors.
In fact, according to the 2021 Cost of a Data Breach report, organizations that have not deployed a zero trust program faced data breach costs averaging $5.04 million. Those that were zero trust “mature” saw those costs decrease by $1.76 million. Even those firms in the “early stage” of deployment had $660,000 less of a burden. In short, zero trust can mitigate the impact of a breach, but with only 35% of organizations having deployed this framework, it is critical to understand what it is and how it helps.
From Zero to Hero: Dynamic Data Security
Slogans like ‘never trust, always verify’ only hint at what zero trust is. Zero trust is the ongoing evaluation of each connection (along with its security posture and needs) that accesses resources within your enterprise. These connections can be employees, partners, customers, contractors or other users. But connections can also mean devices, apps or even networks. Zero trust wraps a defense around each connection in a dynamic way, adjusting access rights and other privileges depending on risk status.
With identity, data security, threat intelligence and other critical tools constantly providing context about each user, device and connection, a profile can be built, spotting who or what may be a risk. But it is often less about who is a risk and more about who isn’t.
In the case of remote work, for example, millions of employees now access data from home networks on unknown devices. While a given worker may not have been a threat in the office, that might change once that worker switches to a home office. The typical thinking would be to block access to the corporate network and apps for that user.
Keep Running Smoothly
However, another aspect of zero trust is to let businesses keep running smoothly while ensuring they remain secure. In this way, that same risky worker's access privileges would need to be re-evaluated rather than simply revoked. To maintain safety, your system should do this as precisely as possible. You can adjust privileges to match changing risk levels based on context. That context in turn is provided by checking against security data, database and app use, location and other pertinent details and logs about the user.
Zero trust goes beyond the binary of ‘block’ or ‘allow’. It means users the system considers a minor risk can still access the minimum tools needed to complete their tasks. As the users become less risky, they can be granted more latitude in the data they access. Or conversely, as they become more of a risk, you can take direct action to limit their access or reach.
Prioritizing Data Security With Zero Trust
When defining zero trust, it should seem obvious where data security comes into play. It is not just another tool in the framework but a critical piece. Data discovery and classification, data activity monitoring, data security analytics and integration with identity, threat intelligence and response tools give end-to-end zero trust cover.
By discovering where sensitive data lives, we can develop data security and governance policies in line with security, compliance and privacy goals. We can monitor and protect sensitive data sources first. This delivers a steady stream of data to help an analytics engine build practical insights and score based on the level of risk. That engine can then act upon these insights directly. Or, it can share them with key security and business stakeholders. This way, people can modify policies and orchestrate a wide response to data threats on an ongoing basis.
It is vital that other tools monitor the network, endpoints or user access. However, it is the data security platform that detects odd behavior directly related to sensitive data. If a user clicks a suspicious link and downloads smartphone malware, that is certainly dangerous.
But how dangerous is it?
How Zero Trust and Other Platforms Work Together
The answer comes with the way you can add zero trust into other platforms. Data activity monitoring and data security analytics need to log and analyze that user’s actions across many sources. If that user has access to privileged credentials, a data security platform needs to integrate with privileged access management tools to uncover whether that user has used those credentials to do anything suspicious. If they have, data security tools — further promoting zero trust — must send actionable risk insights to a SIEM or a SOAR platform to ensure the security operations center team is notified as they trace this potential threat across internal systems.
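As an added example (not code from the article, IBM or Guardium), this sketch ties together the graded, context-driven access described under "Keep Running Smoothly" and the data activity risk scoring that feeds a SIEM described in this section; the users, tables, weights and thresholds are all constructed assumptions.

```python
# Added example (not the article's code): score data activity per user, map the
# score to a graded access tier and alert a SIEM when access is reduced.
# Events, weights and thresholds are constructed assumptions.
from collections import defaultdict
SENSITIVE = {"customers_pii", "payroll"}  # constructed classification result

# constructed activity log: (user, table, rows, local hour, managed device?)
EVENTS = [
    ("alice", "orders", 120, 10, True),
    ("alice", "customers_pii", 40, 11, True),
    ("bob", "customers_pii", 5000, 2, False),
    ("bob", "payroll", 800, 3, False),
    ("carol", "customers_pii", 200, 23, False),
]

def score_user(events):
    """Weighted risk score from contextual signals (constructed weights)."""
    score = 0
    for _, table, rows, hour, managed in events:
        if table in SENSITIVE:
            score += 2           # touched classified data
            if rows > 1000:
                score += 4       # bulk read of sensitive data
        if hour < 6 or hour > 22:
            score += 2           # off-hours activity
        if not managed:
            score += 1           # unmanaged or unknown device
    return score

def access_tier(score):
    """Graded access instead of a binary allow/block decision."""
    if score < 3:
        return "full"
    if score < 8:
        return "minimal"  # only the tools needed for current tasks
    return "blocked"

def evaluate(events=EVENTS):
    """Return ({user: (score, tier)}, alerts); alerts are what a SIEM/SOAR gets."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e[0]].append(e)
    decisions, alerts = {}, []
    for user, evs in by_user.items():
        score = score_user(evs)
        tier = access_tier(score)
        decisions[user] = (score, tier)
        if tier != "full":
            alerts.append({"user": user, "risk": score, "action": tier})
    return decisions, alerts
```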
Without data security tools in place, the zero trust framework cannot be supported well. If what people are doing with your data becomes a blind spot, knowing which users present the greatest risk of a data breach becomes far more difficult. And that is not a problem any organization can afford.
Learn more about how Guardium Insights is built to protect hybrid multicloud environments in this on-demand webinar with IBM Security and EMA.
Former Product Marketing Manager, IBM Security Guardium Insights for IBM Cloud Pak for Security