Page 113 - Cyber Defense eMagazine September 2022
P. 113
The Implications of Zero Trust for Data
By Julius Schorzman, Director of Product Management, Koverse, Inc., an SAIC Company
Zero Trust is a hot topic in network security. For those not familiar, zero trust is the “never trust, always
verify” premise applied to every device, with an eye to protecting the corporate network. In many ways,
this architectural approach represents the ultimate security posture.
That said, most zero trust approaches today have a flaw. Two, actually: people and data.
The people flaw might be colloquially termed “the insider threat problem.” In short, how do you protect
against rogue actors (or good actors that have been phished)? With the right credentials, that actor has
the keys to the kingdom.
The data problem is even more pernicious: how do you protect PII, confidential and classified information
without creating data silos? Most larger companies today use some form of a data lake where they ideally
collect and physically co-locate everything – structured and unstructured, batch and continuously
streaming, classified and unclassified, basically all sorts of complex data. There is no way to block, say,
a social security number contained in a piece of unstructured data without blocking (siloing) the whole
file. These data silos can wreak havoc on analytics, data science and artificial intelligence (AI) initiatives,
especially in sectors with a heavy dose of sensitive data, such as financial services, life sciences,
healthcare, and of course government.
Cyber Defense eMagazine – September 2022 Edition 113
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.