How many different ways can data be compromised? First, both external and internal threats can target it. External threats can come in the form of malware or ransomware. Meanwhile, internal threats can come from malicious insiders working from behind trusted accounts. Insiders can become a threat simply by clicking a phishing link or being tricked by a social engineering attack. Missing a database update or minor misconfiguration could be just the hole an attacker needs to infiltrate a business. Zero trust is a framework that should address all of these potential attack vectors.

In fact, according to the 2021 Cost of a Data Breach report, organizations that have not deployed a zero trust program faced data breach costs averaging $5.04 million. Those that were zero trust “mature” saw those costs decrease by $1.76 million. Even those firms in the “early stage” of deployment had $660,000 less of a burden. In short, zero trust can mitigate the impact of a breach, but with only 35% of organizations having deployed this framework, it is critical to understand what it is and how it helps.

Read the report  

From Zero to Hero: Dynamic Data Security

Slogans like ‘never trust, always verify’ only hint at what zero trust is. Zero trust is the ongoing evaluation of each connection (and its security posture and needs) accessing resources within your enterprise These connections can be employees, partners, customers, contractors or other users. But connections can also mean devices, apps or even networks. Zero trust wraps a defense around each connection in a dynamic way, adjusting access rights and other privileges depending on risk status.

With identitydata securitythreat intelligence and other critical tools constantly providing context about each user, device and connection, a profile can be built, spotting who or what may be a risk. But it is often less about who is a risk and more about who isn’t.

In the case of remote work, for example, millions of employees now access data from home networks on unknown devices. While a given worker may not have been a threat in the office, that might change once that worker switched to a home office. The typical thinking would be to block access to the corporate network and apps for that user.

Watch the on-demand webinar

Keep Running Smoothly

However, another aspect of zero trust is to let businesses keep running smoothly while ensuring they remain secure. In this way, that same risky worker would need to have access privileges looked at again. To maintain safety, your system should do this as precisely as possible. You can adjust privileges to match changing risk levels based on the context. That context in turn is provided by checking against security data, database and app use, location and other pertinent details and logs about the user.

Zero trust goes beyond the binary of ‘block’ or ‘allow’. It means users the system considers a minor risk can still access the minimum tools needed to complete their tasks. As the users become less risky, they can be granted more latitude in the data they access. Or conversely, as they become more of a risk, you can take direct action to limit their access or reach.

Prioritizing Data Security With Zero Trust

When defining zero trust, it should seem obvious where data security comes into play. It is not just another tool in the framework but a critical piece. Data discovery and classification, data activity monitoring, data security analytics and integration with identity, threat intelligence and response tools give end-to-end zero trust cover.

By discovering where sensitive data lives, we can develop data security and governance policies in line with security, compliance and privacy goals. We can monitor and protect sensitive data sources first. This delivers a steady stream of data to help an analytics engine build practical insights and score based on the level of risk. That engine can then act upon these insights directly. Or, it can share them with key security and business stakeholders. This way, people can modify policies and orchestrate a wide response to data threats on an ongoing basis.

It is vital that other tools monitor the network, endpoints or user access. However, it is the data security platform that detects odd behavior directly related to sensitive data. If a user clicks a suspicious link and downloads smartphone malware, that is certainly dangerous.

But how dangerous is it?

How Zero Trust and Other Platforms Work Together

The answer comes with the way you can add zero trust into other platforms. Data activity monitoring and data security analytics need to log and analyze that user’s actions across many sources. If that user has access to privileged credentials, a data security platform needs to integrate with privileged access management tools to uncover whether that user has used those credentials to do anything suspicious. If they have, data security tools — further promoting zero trust — must send actionable risk insights to a SIEM or a SOAR platform to ensure the security operations center team is notified as they trace this potential threat across internal systems.

Without data security tools in place, the zero trust framework cannot be supported well. But if what people are doing with your data becomes a blind spot, knowing which users present the greatest risk of a data breach becomes more difficult. And that is not a problem any organization can afford.

Learn more about how Guardium Insights is built to protect hybrid multicloud environments in this on-demand webinar with IBM Security and EMA.

More from Zero Trust

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Does your security program suffer from piecemeal detection and response?

4 min read - Piecemeal Detection and Response (PDR) can manifest in various ways. The most common symptoms of PDR include: Multiple security information and event management (SIEM) tools (e.g., one on-premise and one in the cloud) Spending too much time or energy on integrating detection systems An underperforming security orchestration, automation and response (SOAR) system Only capable of taking automated responses on the endpoint Anomaly detection in silos (e.g., network separate from identity) If any of these symptoms resonate with your organization, it's…

Zero trust data security: It’s time to make the shift

4 min read - How do you secure something that no longer exists? With the rapid expansion of hybrid-remote work, IoT, APIs and applications, any notion of a network perimeter has effectively been eliminated. Plus, any risk inherent to your tech stack components becomes your risk whether you like it or not. Organizations of all sizes are increasingly vulnerable to breaches as their attack surfaces continue to grow and become more difficult — if not impossible — to define. Add geopolitical and economic instability…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today