Zero Trust Data Protection (ZTDP), a new security framework created by Netskope, is the application of the zero trust construct to data protection. Zero Trust as a concept has existed for quite some time and essentially means “do not trust anything you’re not required to trust and verify everything that must be trusted.” Following this logic, Zero Trust Data Protection is the concept of not inherently trusting any user, device, application, or service with access to one’s data.
In terms of ZTDP, think of your data in the cloud as a building full of rooms with locked doors, where each lock has its own individual key. You grant users access only to the room holding the exact data they need and nothing else. That is ZTDP in a nutshell.
While the zero trust concept is usually applied towards access to networks, devices, and servers, the rapid growth of cloud computing has shifted the requirements of zero trust towards data protection. It’s not enough to apply zero trust to networks when data is not stored locally as often and is, instead, stored across numerous SaaS, IaaS, and PaaS clouds.
The benefits of Zero Trust Data Protection are numerous, including:
Continuous risk assessment
Data context and sensitivity awareness for better policy enforcement
Enables secure access from anywhere
Ensures that data is protected everywhere
Adheres to current compliance standards
The inclusion of other tools, such as analytics platforms and inline visibility into cloud, web, and network usage, enables these administrators to customize their zero trust rules and prevent unauthorized lateral movement of other data sets. In short, zero trust data protection is the first line of defense against unauthorized data access and exfiltration.
How do ZTDP and SASE integrate?
Combined with security tools in a SASE (Secure Access Service Edge) architectural framework, Zero Trust Data Protection allows administrators to set targeted and granular rules that adhere to company policies of data access, while benefiting from the simplicity and efficiency of SASE. These policy controls are broken down into numerous parameters, including:
Threat types
Access times
Data context
Essentially, Zero Trust Data Protection is the brain, while SASE is the central nervous system that connects your entire security infrastructure.