Defining Zero Trust Data Protection

The biggest fundamental shift in the era of digital transformation is that data is no longer on a CPU that the enterprise owns. Security teams focused on cloud must invest in the right technology to achieve more complete data protection, and we all need to ensure Zero Trust principles are applied everywhere data needs protection.

At Netskope, we describe this as Zero Trust Data Protection.

In its simplest form, Zero Trust means: Don’t trust the things you do not need to trust. For the things you must trust, trust, but verify constantly.

Today there are many isolated Zero Trust projects focused on networks, users, devices, or isolating servers. The main miss on most of these projects, like deploying only Zero Trust Network Access (ZTNA), is that they are not focused on the data. Data is the grand strategy for security teams protecting the core digital assets of any organization. 

As one of the more familiar Zero Trust concepts, ZTNA describes application-level access that enables specific users to access specific applications. But we must go beyond just access control and isolation, and extend all the way to data protection. Zero Trust Data Protection provides continuous, real-time access and policy control based on users, devices, apps, threats, and data context. This approach is the only effective way to dynamically manage risk across a mix of third-party applications and a remote-first workforce that needs always-on access to cloud apps and data to stay productive. We all have to accept that this is the new normal as of today.

Data protection is ultimately about context. By monitoring traffic between the user and the apps, including API traffic, we can exert granular control. We can both allow and prevent data access based on a deep understanding of who the user is, what they are trying to do, and why. That is the context that Zero Trust Data Protection leverages to deliver security. Knowledge of the interplay between user, device, app, and data enables security teams to define and enforce conditional access controls based on data sensitivity, app risk, user behavior risk, and other factors. 

The result is more effective security via continuous risk management.

Zero Trust Data Protection isn’t just a new way to think about DLP, nor is it yet another “marketecture” hitching itself to the popularity of the term Zero Trust. Zero Trust Data Protection gets to the heart of what SASE is all about, which is to transform security and networking for the era of cloud, enable access-from-anywhere, and ensure data is protected everywhere it needs to go. The ability to do this effectively and completely, instead of in a piecemeal approach, is what separates the true SASE technology providers from the pretenders.

I’ll be discussing Zero Trust Data Protection alongside Dustin Wilcox, CISO for Anthem, on April 6 at Oktane 21. Register for your spot, and connect with me on LinkedIn to chat about this and anything else on your mind!