
Zero Trust Data Protection (ZTDP)


What is Zero Trust Data Protection (ZTDP)?

Zero Trust Data Protection (ZTDP), a new security framework created by Netskope, is the application of the zero trust construct to data protection. Zero trust as a concept has existed for quite some time and essentially means “do not trust anything you’re not required to trust and verify everything that must be trusted.” Following this logic, Zero Trust Data Protection is the concept of not inherently trusting any user, device, application, or service with access to one’s data.

In terms of ZTDP, think of your data in the cloud as a building full of rooms with locked doors. Each lock has its own individual key, and you grant users access only to the room with the exact data that they need and nothing else. That is ZTDP in a nutshell.

While this concept is usually applied to access to networks, devices, and servers, the rapid growth of cloud computing has shifted the requirements of zero trust towards data protection. It’s not enough to apply these principles to networks when data is less often stored locally and is instead stored across numerous SaaS, IaaS, and PaaS clouds.



Benefits of Zero Trust Data Protection

The benefits of Zero Trust Data Protection are numerous, including:

  • Continuous risk assessment
  • Data context and sensitivity awareness, for better policy enforcement
  • Safe access from anywhere
  • Data protection everywhere
  • Adherence to current compliance standards

The addition of other tools, like analytics platforms and inline visibility into cloud, web, and network usage, allows administrators to tailor their rules and prevent unauthorized lateral movement to other sets of data. All in all, Zero Trust Data Protection is a first line of defense against unauthorized data access and exfiltration.


How do ZTDP and SASE integrate?


Combined with security tools in a SASE (Secure Access Service Edge) architectural framework, Zero Trust Data Protection allows administrators to set targeted and granular rules that adhere to company data access policies, while benefiting from the simplicity and efficiency of SASE. These policy controls are broken down into numerous parameters, including:

  • Users
  • Devices
  • Applications
  • Threat types
  • Geographical locations
  • Access times
  • Data context

Essentially, Zero Trust Data Protection is the brain, while SASE is the central nervous system that connects your entire security infrastructure.
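To make the policy parameters listed above concrete, here is an added sketch of a default-deny evaluator in which one rule plays the role of one "room key". It is not Netskope code or a product API; the `Rule` and `Request` models, field names, and sample values are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, replace
from datetime import time

@dataclass(frozen=True)
class Rule:                      # hypothetical model: one rule is one "room key"
    users: frozenset
    managed_device_only: bool
    applications: frozenset
    blocked_threats: frozenset   # threat types that void this rule when detected
    countries: frozenset
    hours: tuple                 # (start, end) as datetime.time, inclusive
    data_labels: frozenset       # data context: sensitivity labels covered

@dataclass(frozen=True)
class Request:
    user: str
    device_managed: bool
    application: str
    threats: frozenset           # threat types detected for this session
    country: str
    at: time
    data_label: str

def failed_checks(req, rule):
    """Names of the parameters on which this request does not satisfy the rule."""
    checks = {
        "user": req.user in rule.users,
        "device": req.device_managed or not rule.managed_device_only,
        "application": req.application in rule.applications,
        "threat": not (req.threats & rule.blocked_threats),
        "location": req.country in rule.countries,
        "time": rule.hours[0] <= req.at <= rule.hours[1],
        "data": req.data_label in rule.data_labels,
    }
    return [name for name, ok in checks.items() if not ok]

def evaluate(req, rules):
    """Default deny: allow only if some rule passes on every parameter."""
    misses = [failed_checks(req, r) for r in rules]
    if any(not m for m in misses):
        return "allow", []
    # Deny, and report the nearest miss so the decision can be audited.
    return "deny", min(misses, key=len, default=["no rules"])

# Constructed sample policy and requests (not from the page).
FINANCE = Rule(frozenset({"alice"}), True, frozenset({"erp"}),
               frozenset({"malware", "compromised-credential"}),
               frozenset({"US"}), (time(8), time(18)), frozenset({"financial"}))
BASE = Request("alice", True, "erp", frozenset(), "US", time(10, 30), "financial")
WRONG_ROOM = replace(BASE, data_label="hr")    # right user, wrong data
AFTER_HOURS = replace(BASE, at=time(23, 0))    # right data, wrong time
```

Because the same user is denied as soon as the data label or access time changes, the sketch shows the decision being made per data access rather than per login.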
