How many different ways can data be compromised? First, both external and internal threats can target it. External threats can come in the form of malware or ransomware. Meanwhile, internal threats can come from malicious insiders working from behind trusted accounts. Insiders can become a threat simply by clicking a phishing link or being tricked by a social engineering attack. Missing a database update or minor misconfiguration could be just the hole an attacker needs to infiltrate a business. Zero trust is a framework that should address all of these potential attack vectors.

In fact, according to the 2021 Cost of a Data Breach report, organizations that have not deployed a zero trust program faced data breach costs averaging $5.04 million. Those that were zero trust “mature” saw those costs decrease by $1.76 million. Even those firms in the “early stage” of deployment had $660,000 less of a burden. In short, zero trust can mitigate the impact of a breach, but with only 35% of organizations having deployed this framework, it is critical to understand what it is and how it helps.


From Zero to Hero: Dynamic Data Security

Slogans like ‘never trust, always verify’ only hint at what zero trust is. Zero trust is the ongoing evaluation of each connection (and its security posture and needs) accessing resources within your enterprise. These connections can be employees, partners, customers, contractors or other users. But connections can also mean devices, apps or even networks. Zero trust wraps a defense around each connection in a dynamic way, adjusting access rights and other privileges depending on risk status.

With identity, data security, threat intelligence and other critical tools constantly providing context about each user, device and connection, a profile can be built, spotting who or what may be a risk. But it is often less about who is a risk and more about who isn’t.

In the case of remote work, for example, millions of employees now access data from home networks on unknown devices. While a given worker may not have been a threat in the office, that might change once that worker switches to a home office. The typical thinking would be to block access to the corporate network and apps for that user.


Keep Running Smoothly

However, another aspect of zero trust is to let businesses keep running smoothly while ensuring they remain secure. In this way, that same risky worker would need to have access privileges looked at again. To maintain safety, your system should do this as precisely as possible. You can adjust privileges to match changing risk levels based on the context. That context in turn is provided by checking against security data, database and app use, location and other pertinent details and logs about the user.

Zero trust goes beyond the binary of ‘block’ or ‘allow’. It means users the system considers a minor risk can still access the minimum tools needed to complete their tasks. As the users become less risky, they can be granted more latitude in the data they access. Or conversely, as they become more of a risk, you can take direct action to limit their access or reach.
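The graduated decision described above, as an added example that is not from the original article or any product: context signals are summed into a risk score, and the score selects an access tier instead of a plain block or allow. The signal names, weights, thresholds and data classes are all assumptions chosen for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Assumed signal weights; a real deployment would derive these from its own risk model.
WEIGHTS = {
    "unmanaged_device": 25,
    "unfamiliar_network": 15,
    "recent_phishing_click": 30,
    "anomalous_data_access": 30,
}

# Assumed tiers, most to least latitude: (max score, tier name, permitted data classes).
TIERS = [
    (20, "full", {"public", "internal", "confidential", "restricted"}),
    (45, "standard", {"public", "internal", "confidential"}),
    (70, "minimum", {"public", "internal"}),
    (100, "quarantine", set()),
]

@dataclass(frozen=True)
class Context:
    user: str
    signals: frozenset  # names of the risk signals currently true for this connection

def risk_score(ctx: Context) -> int:
    """Sum the weights of active signals, capped at 100."""
    score = 0
    for signal in ctx.signals:
        # An unrecognised signal counts as maximum risk, so the policy fails closed.
        score += WEIGHTS.get(signal, 100)
    return min(score, 100)

def decide(ctx: Context, data_class: str) -> tuple[str, bool]:
    """Return (tier, allowed) for a request to a resource of the given data class."""
    score = risk_score(ctx)
    for max_score, tier, classes in TIERS:
        if score <= max_score:
            return tier, data_class in classes
    return "quarantine", False  # unreachable with the tiers above; kept as a safe default
```

Re-evaluating `decide` on every request, rather than once at login, is what lets access widen or narrow as the signals for a connection change.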

Prioritizing Data Security With Zero Trust

When defining zero trust, it should seem obvious where data security comes into play. It is not just another tool in the framework but a critical piece. Data discovery and classification, data activity monitoring, data security analytics and integration with identity, threat intelligence and response tools give end-to-end zero trust cover.

By discovering where sensitive data lives, we can develop data security and governance policies in line with security, compliance and privacy goals. We can monitor and protect sensitive data sources first. This delivers a steady stream of data to help an analytics engine build practical insights and score based on the level of risk. That engine can then act upon these insights directly. Or, it can share them with key security and business stakeholders. This way, people can modify policies and orchestrate a wide response to data threats on an ongoing basis.

It is vital that other tools monitor the network, endpoints or user access. However, it is the data security platform that detects odd behavior directly related to sensitive data. If a user clicks a suspicious link and downloads smartphone malware, that is certainly dangerous.

But how dangerous is it?

How Zero Trust and Other Platforms Work Together

The answer comes with the way you can add zero trust into other platforms. Data activity monitoring and data security analytics need to log and analyze that user’s actions across many sources. If that user has access to privileged credentials, a data security platform needs to integrate with privileged access management tools to uncover whether that user has used those credentials to do anything suspicious. If they have, data security tools — further promoting zero trust — must send actionable risk insights to a SIEM or a SOAR platform to ensure the security operations center team is notified as they trace this potential threat across internal systems.
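The correlation this paragraph describes, as an added example that is not from the original article or any vendor's product: an endpoint alert is linked to a privileged credential checkout and then to sensitive data access, producing a record suitable for forwarding to a SIEM. The event schema, field names, time window and sample events are constructed for illustration.

```python
import json

# Constructed sample events, one JSON object per line, standing in for three feeds:
# endpoint alerts, PAM credential checkouts and database activity monitoring (dam).
SAMPLE_EVENTS = """\
{"ts": 1000, "src": "endpoint", "user": "jdoe", "event": "suspicious_link_click"}
{"ts": 1200, "src": "pam", "user": "jdoe", "event": "checkout", "credential": "db_admin"}
{"ts": 1260, "src": "dam", "user": "db_admin", "event": "select", "object": "customers.cards", "sensitive": true, "rows": 50000}
{"ts": 1300, "src": "dam", "user": "db_admin", "event": "select", "object": "app.settings", "sensitive": false, "rows": 12}
{"ts": 1400, "src": "pam", "user": "asmith", "event": "checkout", "credential": "db_report"}
{"ts": 1450, "src": "dam", "user": "db_report", "event": "select", "object": "customers.cards", "sensitive": true, "rows": 200}
"""

WINDOW = 3600  # assumed: seconds after an endpoint alert in which a checkout is suspect

def correlate(lines: str) -> list:
    """Link endpoint alert -> PAM checkout -> sensitive data access for the same user."""
    events = sorted((json.loads(l) for l in lines.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    flagged = {}    # user -> time of the endpoint alert
    checkouts = {}  # privileged credential -> (flagged user holding it, checkout time)
    alerts = []
    for e in events:
        if e["src"] == "endpoint" and e["event"] == "suspicious_link_click":
            flagged[e["user"]] = e["ts"]
        elif e["src"] == "pam" and e["event"] == "checkout":
            t0 = flagged.get(e["user"])
            if t0 is not None and e["ts"] - t0 <= WINDOW:
                checkouts[e["credential"]] = (e["user"], e["ts"])
            else:
                # Credential is now held by an unflagged user; stop attributing it.
                checkouts.pop(e["credential"], None)
        elif e["src"] == "dam" and e.get("sensitive"):
            holder = checkouts.get(e["user"])
            if holder:
                alerts.append({"severity": "high", "user": holder[0],
                               "credential": e["user"], "object": e["object"],
                               "rows": e["rows"], "ts": e["ts"]})
    return alerts
```

On the sample events only the `db_admin` read of `customers.cards` is reported, attributed back to the user whose endpoint raised the alert; the same table read by an unflagged user through `db_report` is not.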

Without data security tools in place, the zero trust framework cannot be supported well. If what people are doing with your data becomes a blind spot, knowing which users present the greatest risk of a data breach becomes more difficult. And that is not a problem any organization can afford.

Learn more about how Guardium Insights is built to protect hybrid multicloud environments in this on-demand webinar with IBM Security and EMA.
