Page 114 - Cyber Defense eMagazine September 2022
The problem with previous approaches to zero trust is that they are applied at the network and file level, not at the data level. In that sense they are a blunt instrument: you either have access or you don't, and the data itself is never secured. The irony is that zero trust pushes for perimeterless security, yet what you end up doing is establishing a bolt-on zero trust perimeter around your data storage, and then slicing that data up to try to maintain the appropriate level of security for each piece.
Let’s examine what this means in regard to people and data access.
The People Problem
You may think that with zero trust your data is locked down, and that highly confidential data is safe. But is it? Only authorized users have access, after all. Yet those authorized users include all your database administrators and your helpdesk staff, any of whom may be contractors, and thus more transitory than typical employees and subject to less scrutiny. Any of these people (employees or contractors) could be phished, or could have malware on their computer.
Still feeling safe?
Even with zero trust, there can still be issues in configuration and policy management. Anyone who has dealt with common cloud security policies knows they can be onerous to apply to a large and varied set of data and services. An administrator sets up a new cloud database, only to discover it can't communicate with the policy engine or the web servers. The natural inclination is to just change the settings to "allow" … and now everything works, but your data is open to the internet. Are you certain that all those loopholes have been closed?
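The "just set it to allow" shortcut is something you can audit for. The following is an added example, not code from the article or its author: a small Python check that flags firewall rules exposing database ports to the whole internet, with the quick-fix rule next to the corrected one. The input is a constructed list in the shape of the IpPermissions entries returned by `aws ec2 describe-security-groups`; the group names, CIDRs and the set of database ports are assumptions made for illustration.

```python
"""Flag cloud firewall rules that expose database ports to the internet.

Added example, not from the article. The input is a constructed list of
rules in the shape of the IpPermissions entries returned by
`aws ec2 describe-security-groups`; group names and CIDRs are made up.
"""

# Ports that should never be reachable from the public internet.
# Assumption: these are the database engines in use; extend as needed.
DATABASE_PORTS = {
    3306: "MySQL/MariaDB",
    5432: "PostgreSQL",
    1433: "MSSQL",
    27017: "MongoDB",
    6379: "Redis",
}

# Sources that mean "anyone": IPv4 and IPv6 catch-all CIDRs.
INTERNET_CIDRS = {"0.0.0.0/0", "::/0"}


def _port_range(rule):
    """Return (from, to) for a rule; IpProtocol '-1' means all ports."""
    if rule.get("IpProtocol") == "-1":
        return (0, 65535)
    return (rule.get("FromPort", 0), rule.get("ToPort", 65535))


def _sources(rule):
    """Yield every CIDR source listed on a rule (IPv4 and IPv6)."""
    for r in rule.get("IpRanges", []):
        yield r["CidrIp"]
    for r in rule.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def find_open_database_rules(groups):
    """Return findings for rules that let the whole internet reach a DB port.

    groups: list of {"GroupName": str, "IpPermissions": [rule, ...]}.
    Each finding is (group_name, port, engine, cidr).
    """
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            lo, hi = _port_range(rule)
            for cidr in _sources(rule):
                if cidr not in INTERNET_CIDRS:
                    continue
                for port, engine in DATABASE_PORTS.items():
                    if lo <= port <= hi:
                        findings.append((group["GroupName"], port, engine, cidr))
    return findings


# Constructed sample: the "just set it to allow" fix next to the corrected
# rule that only admits the web tier's subnet, plus an ordinary web group.
SAMPLE_GROUPS = [
    {
        "GroupName": "new-db-sg-quickfix",  # hypothetical name
        "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
    },
    {
        "GroupName": "new-db-sg-corrected",  # hypothetical name
        "IpPermissions": [
            {
                "IpProtocol": "tcp",
                "FromPort": 5432,
                "ToPort": 5432,
                "IpRanges": [{"CidrIp": "10.20.0.0/24"}],  # web tier subnet (assumed)
            },
        ],
    },
    {
        "GroupName": "web-sg",  # hypothetical name; 443 open to all is expected here
        "IpPermissions": [
            {
                "IpProtocol": "tcp",
                "FromPort": 443,
                "ToPort": 443,
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
            },
        ],
    },
]


if __name__ == "__main__":
    for name, port, engine, cidr in find_open_database_rules(SAMPLE_GROUPS):
        print(f"{name}: {engine} port {port} open to {cidr}")
```

Run against real output by loading the JSON from `aws ec2 describe-security-groups` and passing its `SecurityGroups` list in place of `SAMPLE_GROUPS`; the corrected group produces no finding because its only source is the web tier subnet, while the quick-fix group is flagged on every database port because a protocol of `-1` covers all of them.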
The Data Problem
Regardless of zero trust, for most organizations today, data is secured by segmenting it – in other words,
creating data silos. Again, this is a blunt, all-or-nothing approach, especially when it comes to
unstructured data.
Take a spreadsheet, for example, where two workers, Bob and Alice, need access. Both have credentials and are working from a trusted device. Alice is authorized to view all the data in the spreadsheet, including the confidential information. Bob, however, doesn't have clearance to see the sensitive data, so he has to work on a copy of the spreadsheet with that information removed. Now you have two copies of the same file. Even worse, once Bob updates his copy, someone has to reconcile those changes back into the original. This happens over and over across the organization.
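The Bob and Alice scenario in code, as an added example that is not part of the article: the file-level approach the text describes (a stripped copy that later has to be reconciled) side by side with a data-level alternative, where one master record set is filtered per reader and writes are checked per column. The column names, the two clearance levels and the sample rows are all constructed for illustration.

```python
"""The spreadsheet scenario from this section in code. Added example, not
from the article. Column names, clearance levels and the sample rows are
constructed for illustration.

Two approaches side by side:
  * silo_copy / reconcile: the file-level approach described in the text,
    which produces a second copy that later has to be merged back.
  * view_for / apply_update: a data-level approach where a single master
    record set is filtered per reader and writes are checked per column.
"""
from copy import deepcopy

# Sensitivity label per column. Assumption: two levels are enough here.
COLUMN_SENSITIVITY = {
    "employee_id": "internal",
    "department": "internal",
    "salary": "confidential",
    "ssn": "confidential",
}

# Labels each clearance may read; "confidential" includes "internal".
CLEARANCE_ALLOWS = {
    "internal": {"internal"},
    "confidential": {"internal", "confidential"},
}

KEY = "employee_id"          # row identity used when merging
REDACTED = "[REDACTED]"


def _readable(col, clearance):
    return COLUMN_SENSITIVITY[col] in CLEARANCE_ALLOWS[clearance]


# --- File-level: make a stripped copy, then reconcile it later -------------

def silo_copy(master, clearance):
    """Bob's copy: the confidential columns are removed entirely."""
    return [{c: v for c, v in row.items() if _readable(c, clearance)}
            for row in master]


def reconcile(master, edited_copy):
    """Merge a stripped copy back into the master by row key.

    Only columns present in the copy can have changed. Rows the copy added
    are appended with the stripped confidential columns left as None, which
    is exactly the manual clean-up the text complains about.
    """
    merged = deepcopy(master)
    by_key = {row[KEY]: row for row in merged}
    for edited in edited_copy:
        target = by_key.get(edited[KEY])
        if target is None:
            target = {c: None for c in COLUMN_SENSITIVITY}
            merged.append(target)
            by_key[edited[KEY]] = target
        target.update(edited)
    return merged


# --- Data-level: one master, filtered on read, checked on write ------------

def view_for(master, clearance):
    """What a reader with this clearance sees, without making a new file."""
    return [{c: (v if _readable(c, clearance) else REDACTED)
             for c, v in row.items()}
            for row in master]


def update_allowed(clearance, changes):
    """True if every column in `changes` is readable (hence writable) at this
    clearance; a writer may never touch a column it cannot see."""
    return all(_readable(col, clearance) for col in changes)


def apply_update(master, clearance, key, changes):
    """Write straight to the single master. Returns a new master, or raises
    PermissionError when the writer's clearance does not cover a column."""
    if not update_allowed(clearance, changes):
        raise PermissionError(f"{clearance} clearance may not write {sorted(changes)}")
    updated = deepcopy(master)
    for row in updated:
        if row[KEY] == key:
            row.update(changes)
            return updated
    raise KeyError(key)


# Constructed sample sheet.
SHEET = [
    {"employee_id": "E100", "department": "Sales", "salary": 82000, "ssn": "xxx-xx-1111"},
    {"employee_id": "E101", "department": "Eng", "salary": 115000, "ssn": "xxx-xx-2222"},
]

if __name__ == "__main__":
    # File-level: Bob works on a copy, someone reconciles afterwards.
    bobs_copy = silo_copy(SHEET, "internal")
    bobs_copy[0]["department"] = "Marketing"
    print("reconciled:", reconcile(SHEET, bobs_copy)[0])

    # Data-level: Bob reads a redacted view and writes to the one master.
    print("Bob sees:", view_for(SHEET, "internal")[0])
    print("Alice sees:", view_for(SHEET, "confidential")[0])
    print("after Bob's edit:", apply_update(SHEET, "internal", "E100", {"department": "Marketing"})[0])
```

The design point is where the policy lives: `silo_copy` enforces it once, at copy time, so the copy drifts from the master and every change has to be merged back by hand; `view_for` and `apply_update` enforce the same column labels on every read and write against the one master, so there is nothing to reconcile and Bob cannot write a column he cannot see.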
Having to silo confidential information can have a significant impact on data science, analytics, and AI,
particularly if this data is of mixed sensitivities. Either it becomes off-limits to the people and algorithms
that could use it, or the organization has to effectively duplicate storage, management, AI/ML pipelines,
etc.
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.