For federal agencies today there are two big challenges: The first is to secure data and the second is to find all the data that needs to be secured. Although industry and agencies have progressed steadily in creating better security, the biggest area of weakness has been protecting data at the source.
Until the advent of Zero Trust architecture, most cyber solutions concentrated on perimeter defenses, yet data is most vulnerable in its primary storage systems and online archives, whether in the cloud, at the edge, or in the data center. Now data is everywhere, and it is hard to tell where it is moving and to keep track of where it is stored. The historical reliance on perimeter security has been nullified by our data-rich environments, and the rise of the insider threat has sounded its death knell. For government organizations, not having a data-focused cybersecurity strategy is a matter of national security.
Protecting Data at the Source is a Game Changer
Consider how a bank is set up to protect its money. There are a series of defenses starting outside the building, on-site security guards, and many layers of personnel with varying levels of access to the funds. As you get closer to the money the security increases steadily, which is why banks have sophisticated vaults. Protecting data should be no different. A perimeter-only strategy doesn't work for a bank and it won't work in the data center either, particularly because insider threats represent 34 percent of data breaches. Only by creating a chokepoint in front of the data can we ensure complete visibility and control over every application and user accessing it.
The New Data “Vault”: A Zero-Trust Approach
Because storage has emerged as the weakest link in the system, a Zero Trust architecture applied at the storage layer provides the visibility needed to prevent breaches. Zero Trust changes the traditional model so that individuals have access only to the data they need, with access segmented by classification and verified frequently rather than granted once. This model puts controls in the data owner's hands rather than the system administrator's. The system admin has a great deal to surveil and typically doesn't know the details of a given project, whereas the data manager knows who should have access and who has or hasn't interacted with the data. This greater control lets data managers de-escalate privileges and identify compartmentalized data that has ended up in someone's personal files, both of which are critical to Zero Trust and to protecting against insider threats.
Securing unstructured data means adopting a "never trust, always verify" mentality while maintaining both the protection and the accessibility of that data. A Zero Trust architecture prevents data from being held hostage, stolen, or compromised. A platform built on it protects data where it resides, without the cost, complexity, and security vulnerabilities of traditional bolt-on software solutions.
A dynamic defense is the only way to meet the new adversaries. Cybersecurity has traditionally been network-focused. A data-focused solution that applies dynamic controls rather than a fixed strategy, that is NIST RMF and HIPAA compliant, and that provides active defense and policy enforcement against unusual data access is a stronger position.
Getting on the Path to Zero Trust
As federal agencies analyze their existing infrastructure and security measures, there is a specific set of criteria to consider as the foundation for a true Zero Trust infrastructure.
Zero Trust action list:
• Audit user interaction
• Audit admin interaction
• Encrypt data with keys controlled by the organization
• Determine normal user patterns by user type
• Continuously monitor the log and audit data
• Immediately investigate and ask end-user about anomalous behavior
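The last four items on the list are one detection loop: audit every user and admin interaction, baseline what is normal per user type, watch the audit data continuously, and hand anomalies to a human. The following is an added example, not code from the original page or from any vendor it describes, that runs that loop over constructed audit lines. The log format, the user types, the one-hour tolerance on working hours and the 10x bulk-read threshold are all assumptions chosen for illustration; a real deployment would baseline over weeks of data, not the single day used here.

```python
"""Baseline normal access per user type from audit log lines, then flag deviations.
Added illustration; log format, user types and thresholds are assumptions."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import median
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample audit records, one per line:
#   ISO timestamp, user, user type, action, target path, bytes transferred
SAMPLE_LOG = """\
2023-05-01T09:12:00 alice analyst read /projects/alpha/report.docx 20480
2023-05-01T10:03:00 alice analyst read /projects/alpha/data.csv 512000
2023-05-01T11:40:00 bob analyst read /projects/alpha/notes.txt 4096
2023-05-01T14:00:00 dave admin chmod /projects/alpha 0
2023-05-01T14:15:00 bob analyst read /projects/alpha/data.csv 512000
2023-05-01T15:20:00 carol analyst read /projects/alpha/summary.pdf 102400
2023-05-02T09:05:00 alice analyst read /projects/alpha/report.docx 20480
2023-05-02T10:30:00 bob analyst read /projects/alpha/data.csv 512000
2023-05-02T11:00:00 carol analyst read /projects/alpha/notes.txt 4096
2023-05-02T13:45:00 dave admin chmod /projects/alpha/data.csv 0
2023-05-02T23:41:00 bob analyst read /projects/beta/payroll.xlsx 8388608
2023-05-03T02:10:00 bob analyst read /projects/beta/contracts.zip 41943040
2023-05-03T09:00:00 dave admin read /projects/alpha/data.csv 512000
"""


@dataclass(frozen=True)
class Record:
    ts: datetime
    user: str
    utype: str
    action: str
    target: str
    nbytes: int


@dataclass
class Baseline:
    projects: Set[str]            # top-level project dirs this user type normally touches
    hour_lo: int                  # earliest observed hour minus one hour of tolerance
    hour_hi: int                  # latest observed hour plus one hour of tolerance
    median_read_bytes: Optional[float]  # None when the type has no reads in the baseline


def parse_log(text: str) -> List[Record]:
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, utype, action, target, nbytes = line.split()
        records.append(Record(datetime.fromisoformat(ts), user, utype, action, target, int(nbytes)))
    return records


def project_of(path: str) -> str:
    """'/projects/alpha/report.docx' -> '/projects/alpha'."""
    return "/" + "/".join(path.strip("/").split("/")[:2])


def build_baseline(records: List[Record], before: datetime) -> Dict[str, Baseline]:
    """Learn normal patterns per user type from records older than `before`."""
    by_type = defaultdict(list)
    for r in records:
        if r.ts < before:
            by_type[r.utype].append(r)
    out = {}
    for utype, recs in by_type.items():
        hours = [r.ts.hour for r in recs]
        reads = [r.nbytes for r in recs if r.action == "read"]
        out[utype] = Baseline(
            projects={project_of(r.target) for r in recs},
            hour_lo=max(min(hours) - 1, 0),
            hour_hi=min(max(hours) + 1, 23),
            median_read_bytes=median(reads) if reads else None,
        )
    return out


def detect(records: List[Record], baselines: Dict[str, Baseline],
           since: datetime, bulk_factor: int = 10) -> List[Tuple[str, str, Record]]:
    """Return (user, reason, record) for every record at or after `since` that deviates."""
    findings = []
    for r in records:
        if r.ts < since:
            continue
        if r.action != "read":                      # every privilege/ACL change is reviewed
            findings.append((r.user, "admin_action", r))
        b = baselines.get(r.utype)
        if b is None:                               # a user type never seen before
            findings.append((r.user, "unknown_user_type", r))
            continue
        if not (b.hour_lo <= r.ts.hour <= b.hour_hi):
            findings.append((r.user, "off_hours", r))
        if project_of(r.target) not in b.projects:
            findings.append((r.user, "new_project", r))
        if (r.action == "read" and b.median_read_bytes is not None
                and r.nbytes > bulk_factor * b.median_read_bytes):
            findings.append((r.user, "bulk_read", r))
    return findings


def users_to_interview(findings, min_findings: int = 3) -> List[str]:
    """Users with enough findings to warrant asking them about the activity."""
    counts = Counter(user for user, _, _ in findings)
    return sorted(u for u, n in counts.items() if n >= min_findings)


def run(log_text: str = SAMPLE_LOG, split_at: str = "2023-05-02T00:00:00"):
    records = parse_log(log_text)
    cutoff = datetime.fromisoformat(split_at)
    return detect(records, build_baseline(records, before=cutoff), since=cutoff)


if __name__ == "__main__":
    for user, reason, rec in run():
        print(f"{rec.ts.isoformat()} {user:6} {reason:16} {rec.target}")
    print("interview:", users_to_interview(run()))
```

On the constructed data, day one is the baseline and days two and three are monitored. The admin's ACL change is logged as a finding regardless of whether it was legitimate, the analyst who pulls large files from a project he never touched at night accumulates three findings per event, and the admin's read outside his observed hours is flagged even though the file is one he is allowed to see. Note the edge case in `build_baseline`: a user type with no reads in the baseline gets no bulk-read threshold rather than a threshold of zero, which would otherwise flag every read that type ever makes.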
The right system can make this action list easier to manage, with greater visibility and control, whether deployed in an agency's enclave or virtually in the cloud. Working with trusted partners experienced in delivering complex solutions for federal agencies further eases the complexity of getting started on the path to Zero Trust in today's data-rich environments.