Page 114 - Cyber Defense eMagazine September 2022

The problem with previous approaches to zero trust is that it’s applied at a network and file level, not the data level. In that sense it’s a blunt instrument: you either have access or you don’t, and the data itself remains insecure. The irony is that zero trust pushes for perimeterless security, yet what it amounts to in practice is establishing a bolt-on zero trust perimeter around your data storage, and then slicing that data up to try to maintain the appropriate level of security.

Let’s examine what this means in regard to people and data access.

The People Problem

You may think that with zero trust your data is locked down, and that highly confidential data is safe. But is it? Only authorized users have access, after all. And those authorized users include all your database administrators and your helpdesk staff, any of whom may be on contract, and thus more transitory than typical employees and subject to less scrutiny. Any of these people (employees or contractors) could be phished, or have a virus on their computer.

Still feeling safe?

Even with zero trust, there can still be issues in configuration and policy management. Anyone who’s dealt with common cloud security policies knows these can be onerous to apply to a large and varied set of data and services. An administrator sets up a new cloud database, only to discover it can’t communicate with the policy engine or web servers. The natural inclination is to just change settings to “allow” … and now everything works, but your data is open to the internet. Are you certain that all those loopholes have been closed?

The Data Problem

Regardless of zero trust, for most organizations today, data is secured by segmenting it – in other words, creating data silos. Again, this is a blunt, all-or-nothing approach, especially when it comes to unstructured data.

Take a spreadsheet, for example, where two workers, Bob and Alice, need access. Both have credentials and are working from a trusted device. Alice is authorized to view all the data in the spreadsheet, even the confidential information. Bob, however, doesn’t have clearance to see the sensitive data, so he needs to work on a copy of that spreadsheet with that information removed. Now you have two copies of the same file. Even worse, once Bob updates the spreadsheet, someone has to reconcile those changes. This happens over and over across the organization.

Having to silo confidential information can have a significant impact on data science, analytics, and AI, particularly if this data is of mixed sensitivities. Either it becomes off-limits to the people and algorithms that could use it, or the organization has to effectively duplicate storage, management, AI/ML pipelines, etc.
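As an added illustration (not from the article or any product it describes) of the data-level alternative to the two-copies problem above, the spreadsheet is kept as one table whose columns carry sensitivity labels, and each reader gets a per-user projection of it; the column names, labels, clearances and sample rows are all constructed for the example.

```python
from copy import deepcopy

# Constructed sample: the spreadsheet from the text as ONE table whose columns
# carry sensitivity labels, instead of a full copy plus a redacted copy.
COLUMN_LABELS = {"employee": "public", "region": "public", "salary": "confidential"}

# Constructed clearances: Alice may see confidential cells, Bob may not.
CLEARANCE = {"alice": {"public", "confidential"}, "bob": {"public"}}

SHEET = [
    {"employee": "E001", "region": "EMEA", "salary": 82000},
    {"employee": "E002", "region": "APAC", "salary": 91000},
]
REDACTED = "***"


def can_see(user, column):
    """A user may read a column only if its label is within their clearance."""
    return COLUMN_LABELS[column] in CLEARANCE[user]


def view(user, sheet):
    """Per-user projection of the shared sheet: cells the user is not cleared
    for are masked at read time, so no second copy of the file is created."""
    return [{c: (v if can_see(user, c) else REDACTED) for c, v in row.items()} for row in sheet]


def update(user, sheet, row_index, column, value):
    """Write into the single shared sheet. Fail closed: a user who cannot read a
    column cannot write it either, so a masked cell is never overwritten with
    '***' or a guess, and no reconciliation step is needed afterwards."""
    if not can_see(user, column):
        raise PermissionError(f"{user} is not cleared for column {column!r}")
    sheet[row_index][column] = value
    return sheet[row_index]


def demo():
    """Run the Alice/Bob scenario on a copy and return what each one ends up seeing."""
    sheet = deepcopy(SHEET)
    update("bob", sheet, 0, "region", "LATAM")    # allowed: public column
    try:
        update("bob", sheet, 0, "salary", 0)       # refused: confidential column
        refused = False
    except PermissionError:
        refused = True
    return {"alice": view("alice", sheet), "bob": view("bob", sheet), "salary_write_refused": refused}


if __name__ == "__main__":
    for who, result in demo().items():
        print(who, result)
```

Bob's edit to the public column is visible to Alice immediately because both read the same table; his attempted write to the confidential column is refused rather than silently producing a divergent copy.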

            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.