Zero Trust shouldn’t be just a catchphrase, a marketing slogan or a network authentication initiative. It is a necessary shift in security philosophy, one that drives organizations to continuously reevaluate their defensive posture and their Zero Trust architecture against an ever-evolving threat landscape.
Across the US Federal agencies I engage with, the noise about Zero Trust for Data is at fever pitch. US federal agencies have issued guidance on Zero Trust and Zero Trust architectures, including the Office of Management and Budget (OMB) and the Department of Defense (DoD).
Similarly, the Cybersecurity and Infrastructure Security Agency (CISA) has championed a Zero Trust Maturity Model that breaks Zero Trust into pillars (Identity, Devices, Networks, Applications and Workloads, and Data). Maturity in each individual pillar is necessary to support a robust cybersecurity posture, and each pillar significantly enhances the security of an organization. But Zero Trust is not merely a collection of isolated pillars. Symmetry Systems and others, including the DoD, view it as an intricately woven fabric in which each thread strengthens and influences the others, ultimately connecting identities to the resources or data they are trying to access. Each pillar represents one part of how an identity connects to data, and each is vital to ensuring data is protected at all times. When identity and data are woven together, they don’t just coexist; they reinforce and amplify each other’s significance.
“All capabilities within the Pillars must work together in an integrated fashion to secure effectively the Data Pillar, which is central to the model.” Source: https://dodcio.defense.gov/Portals/0/Documents/Library/DoD-ZTStrategy.pdf
It’s a dynamic dance in which one pillar’s movements resonate through and impact the others, ensuring that the entirety of the organization’s security posture is agile, responsive, and fortified against both present and emerging threats.
How Identity Management Informs Data Security
Let’s first explore how identity management continuously informs the security tapestry that protects data within your organization.
1. Robust Authentication is the Foundation of Data Protection
A strong identity authentication mechanism is foundational to a modern cybersecurity program built on a Zero Trust philosophy. When each user’s identity is stringently verified and authenticated, unauthorized access to data can be substantially reduced. But it’s not just about ensuring that John from HR is allowed to access the data; it’s also about ensuring that the file is accessed by the legitimate John, for legitimate purposes. With the mass digital transformation efforts to the cloud, correlating an authorized identity with a specific action against a specific piece of data has become a challenging requirement. DataGuard provides a window not only into which authenticated identity is performing actions on data, but also into whether those actions are the ones that identity normally performs, at scale.
2. Least Privilege is Only Possible at the Data Object Level
Least privilege has long been the holy grail of data security policies and identity management programs. By reducing access to only the data and operations that a user needs to perform their role, organizations significantly reduce their risk. The challenge is doing this at scale, with the precision needed to restrict access to sensitive data. Instead, organizations have typically authorized access to entire data stores, granting access to all of the data within them. Even more concerning, this access almost universally allows users to create, read, update and delete that data.
By mapping each user’s role and permissions to specific data sets and the operations they can perform on them, and by continuously monitoring actual usage, DataGuard improves least privilege and promotes data confidentiality, integrity and availability. As identities change or evolve (e.g., through job transitions or promotions) and their use of data changes, so should their data access, preserving the sanctity of the data pillar. This is enabled by DataGuard’s focus on fine-grained permissions analysis and automated risk reporting.
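To make the difference between store-level and object-level access concrete, here is an added example (it is not DataGuard code, which this page does not show) that compares store-wide CRUD grants against the objects and operations each identity actually used during a review window, then reports the narrower, object-level grant that would have sufficed and the CRUD verbs that were never exercised. The identities, the grant and access-log records, and their field names are all constructed for illustration.

```python
"""Least-privilege gap analysis at the data-object level (added example).

Grants, identities and the access log below are constructed for illustration;
the record layout ('store', 'object', 'ops'/'op') is an assumption, not a
DataGuard schema.
"""
from collections import defaultdict

CRUD = frozenset({"create", "read", "update", "delete"})

# Constructed: store-wide grants with full CRUD, the pattern the text describes.
GRANTS = [
    {"identity": "john.hr",     "store": "hr-db",          "object": "*", "ops": CRUD},
    {"identity": "john.hr",     "store": "finance-bucket", "object": "*", "ops": CRUD},
    {"identity": "svc-payroll", "store": "hr-db",          "object": "*", "ops": CRUD},
]

# Constructed: what each identity actually did during the review window.
ACCESS_LOG = [
    {"identity": "john.hr",     "store": "hr-db", "object": "employees", "op": "read"},
    {"identity": "john.hr",     "store": "hr-db", "object": "employees", "op": "update"},
    {"identity": "john.hr",     "store": "hr-db", "object": "benefits",  "op": "read"},
    {"identity": "svc-payroll", "store": "hr-db", "object": "salaries",  "op": "read"},
    {"identity": "svc-payroll", "store": "hr-db", "object": "payslips",  "op": "create"},
]


def observed_usage(log):
    """identity -> (store, object) -> set of operations actually performed."""
    usage = defaultdict(lambda: defaultdict(set))
    for e in log:
        usage[e["identity"]][(e["store"], e["object"])].add(e["op"])
    return usage


def grant_covers(grant, store, obj):
    """True if the grant applies to this object (wildcard or exact match)."""
    return grant["store"] == store and grant["object"] in ("*", obj)


def least_privilege_report(grants, log):
    """For every grant, return the object-level grant that covers observed use.

    'revoke' : the grant was never exercised in the window.
    'narrow' : replace the store-wide grant with the per-object grants listed
               in 'minimal'; 'unused_ops' are CRUD verbs never used anywhere
               under this grant.
    """
    usage = observed_usage(log)
    report = {}
    for g in grants:
        ident = g["identity"]
        used = {key: ops for key, ops in usage[ident].items()
                if grant_covers(g, *key)}
        if not used:
            report[(ident, g["store"])] = {"recommendation": "revoke"}
            continue
        minimal = {obj: sorted(ops) for (_, obj), ops in used.items()}
        exercised = set().union(*used.values())
        report[(ident, g["store"])] = {
            "recommendation": "narrow",
            "minimal": minimal,
            "unused_ops": sorted(g["ops"] - exercised),
        }
    return report


if __name__ == "__main__":
    for key, rec in least_privilege_report(GRANTS, ACCESS_LOG).items():
        print(key, rec)
```

In this constructed data, John’s grant on `finance-bucket` is never used and is flagged for revocation, while his `hr-db` grant collapses from store-wide CRUD to read/update on `employees` and read on `benefits`. The same comparison, re-run after a job transition, is what lets access follow the identity rather than lag behind it.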
3. Identity-led Behavioral Analytics:
In today’s threat environment, you can’t trust anyone. Even a user who is fully authenticated and authorized to perform an activity may be acting suspiciously or even maliciously (the proverbial insider threat). Understanding each identity’s usual patterns of behavior, and monitoring for and flagging unusual data access patterns, is essential to detecting insider threats. This dynamic interaction underscores that while identity is a gatekeeper, its interplay with data usage patterns is a potent tool against insider threats. DataGuard doesn’t stop at verifying identities; it tracks and alerts on changes in user behavior. Using machine learning to detect anomalous attempts to access data from authorized accounts can often surface compromises that are hidden from other detection techniques.
How Data Security makes Identity Management meaningful
On the other side of the Zero Trust paradigm, the form and use of data can and should continuously dictate the identity fabric that enables access to your data.
1. Data Usage Patterns Refine Identity Policies
The way data is accessed and used can provide valuable insights for refining identity policies. For example, if a user regularly accesses data during business hours or from specific geo-locations, this can be dynamically built into your identity policies, so that an attempt to access data during unusual hours or from a different location lowers their trust score and triggers additional authentication layers. Regardless of whether that authentication succeeds, alerts can be generated for further investigation when sensitive data is accessed or certain operations are performed.
2. Data Sensitivity and Classification can define Data-centric Identity policies
The classification and sensitivity of data can further guide the robustness of identity policies at both the user level and the data store level. By understanding the spectrum of organizational data accessible to a user, or stored within a dataset, organizations can mandate multi-factor authentication for users with access to extremely confidential datasets while allowing simpler checks for less critical ones. All from within DataGuard.
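The three ideas above (identity-led behavioral analytics, usage patterns refining identity policy, and classification-driven step-up authentication) fit together in one decision layer. The following added example, which is not DataGuard’s model and does not claim to reproduce it, builds a per-identity baseline of hours, locations and (dataset, operation) pairs from constructed access history, then evaluates a new, already-authenticated and authorized request: it decides whether step-up authentication is needed and whether analysts should be alerted regardless of the outcome. The identities, history, classification labels and thresholds are all assumptions made for illustration.

```python
"""Identity-led behavioural baseline combined with a data-centric step-up
policy (added example). The access history, classification labels and
thresholds are constructed assumptions, not DataGuard's models.
"""
from collections import defaultdict
from datetime import datetime

# Constructed classification labels per dataset.
CLASSIFICATION = {
    "hr-db/employees": "confidential",
    "hr-db/salaries":  "restricted",
    "wiki/onboarding": "internal",
}

# How many behavioural deviations before step-up authentication is required.
# 'restricted' data always requires it, as the text suggests for the most
# sensitive datasets.
STEP_UP_THRESHOLD = {"internal": 2, "confidential": 1, "restricted": 0}

# Operations that warrant an analyst alert on non-internal data even when the
# behaviour looks normal.
WATCHED_OPS = {"delete", "export"}

# Constructed history of authenticated, authorised accesses for one identity.
HISTORY = [
    {"identity": "john.hr", "ts": "2024-03-04T09:15:00", "country": "US", "dataset": "hr-db/employees", "op": "read"},
    {"identity": "john.hr", "ts": "2024-03-05T10:40:00", "country": "US", "dataset": "hr-db/employees", "op": "read"},
    {"identity": "john.hr", "ts": "2024-03-06T14:05:00", "country": "US", "dataset": "wiki/onboarding", "op": "read"},
    {"identity": "john.hr", "ts": "2024-03-07T16:30:00", "country": "US", "dataset": "hr-db/employees", "op": "update"},
]


def build_baseline(history):
    """Per identity: hours of day, countries and (dataset, op) pairs seen."""
    base = defaultdict(lambda: {"hours": set(), "countries": set(), "pairs": set()})
    for e in history:
        b = base[e["identity"]]
        b["hours"].add(datetime.fromisoformat(e["ts"]).hour)
        b["countries"].add(e["country"])
        b["pairs"].add((e["dataset"], e["op"]))
    return base


def deviations(request, baseline):
    """List the ways this request departs from the identity's own history."""
    b = baseline.get(request["identity"])
    if b is None:
        return ["no baseline for identity"]
    found = []
    hour = datetime.fromisoformat(request["ts"]).hour
    if hour not in b["hours"]:
        found.append(f"unusual hour {hour:02d}")
    if request["country"] not in b["countries"]:
        found.append(f"new location {request['country']}")
    if (request["dataset"], request["op"]) not in b["pairs"]:
        found.append(f"first {request['op']} on {request['dataset']}")
    return found


def evaluate(request, baseline, classification=CLASSIFICATION):
    """For a request that already passed authentication and authorisation,
    decide whether that is enough. Returns 'decision' ('allow' or 'step_up'),
    'alert' (True if analysts should be notified regardless of outcome) and
    the 'reasons' behind both."""
    devs = deviations(request, baseline)
    level = classification.get(request["dataset"], "internal")
    reasons = list(devs)
    step_up = len(devs) >= STEP_UP_THRESHOLD[level]
    if level == "restricted":
        reasons.append("restricted dataset: MFA always required")
    alert = (len(devs) >= 2 or level == "restricted"
             or (level != "internal" and request["op"] in WATCHED_OPS))
    return {"decision": "step_up" if step_up else "allow",
            "alert": alert, "reasons": reasons}


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    req = {"identity": "john.hr", "ts": "2024-03-09T03:20:00", "country": "RO",
           "dataset": "hr-db/employees", "op": "read"}
    print(evaluate(req, baseline))
```

The design point is that the threshold for step-up is a function of the data, not just of the identity: the same 3 a.m. read from a new country is merely noted on an internal wiki page, forces MFA and an alert on confidential HR records, and on a restricted dataset MFA is demanded even when nothing about the behavior is unusual.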
3. Learning from Historical Compromises
In the unfortunate event of a data breach, understanding how and which identities were compromised can be used to fortify the identity pillar proactively. How? By understanding the type of data targeted, organizations can reduce the number of identities with access to the same dataset and enhance identity checks for the remaining users with access to similar datasets. However, this requires extremely relevant and contextual evidence about their usage of the data. With DataGuard’s ability to surface this evidence at extreme granularity, enhancing identity checks to the left of a breach (the data attack surface) and to the right of it (the data blast radius) becomes possible through automated, continuous monitoring and reevaluation. This analysis can immediately surface higher-risk, higher-priority identities within the platform.
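As an added illustration of the left-of-breach and right-of-breach analysis (this is not DataGuard code, and the reading of “blast radius” as the data a compromised identity can reach and “attack surface” as the other identities that can reach the same data is this example’s interpretation of the text), the following computes, from a constructed table of effective access, which datasets a compromised identity exposed, which other identities share access to those datasets, and in what order to tighten their checks. Identities, grants and sensitivity scores are constructed.

```python
"""Data blast radius and shared-access attack surface for a compromised
identity (added example). The grant table and sensitivity scores are
constructed; treating 'blast radius' as the data an identity can reach and
'attack surface' as the other identities that can reach the same data is this
example's interpretation of the text.
"""

# Constructed: effective read access per identity after role and policy
# evaluation (that evaluation is assumed to have happened already).
GRANTS = {
    "john.hr":     {"hr-db/employees", "hr-db/benefits"},
    "svc-payroll": {"hr-db/employees", "hr-db/salaries"},
    "alice.fin":   {"finance/ledger", "hr-db/salaries"},
    "bob.eng":     {"repo/src"},
}

# Constructed sensitivity scores (higher is more sensitive).
SENSITIVITY = {
    "hr-db/employees": 2, "hr-db/benefits": 2,
    "hr-db/salaries": 3, "finance/ledger": 3, "repo/src": 1,
}


def blast_radius(identity, grants=GRANTS):
    """Right of the breach: every dataset the compromised identity could reach."""
    return set(grants.get(identity, ()))


def shared_access(identity, grants=GRANTS):
    """Left of the breach: other identities that can reach the same datasets,
    mapped to the datasets they share. These are the candidates for reduced
    access or stronger identity checks."""
    reach = blast_radius(identity, grants)
    shared = {}
    for other, datasets in grants.items():
        if other == identity:
            continue
        common = datasets & reach
        if common:
            shared[other] = common
    return shared


def prioritise(identity, grants=GRANTS, sensitivity=SENSITIVITY):
    """Rank the shared-access identities by the most sensitive dataset they
    share with the compromised one, most sensitive first, ties by name."""
    shared = shared_access(identity, grants)
    return sorted(shared,
                  key=lambda other: (-max(sensitivity[d] for d in shared[other]), other))


if __name__ == "__main__":
    victim = "svc-payroll"
    print("blast radius:", sorted(blast_radius(victim)))
    for other in prioritise(victim):
        print(other, "shares", sorted(shared_access(victim)[other]))
```

With the constructed grants, a compromised `svc-payroll` exposes employee and salary records; `alice.fin` is ranked first for tightened checks because she shares the more sensitive salary data, and `bob.eng` does not appear at all because nothing he can reach overlaps the blast radius.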
It’s time to start building the Zero Trust Fabric
Symmetry DataGuard treats Zero Trust security not as a set of isolated principles but as an interconnected fabric between identity and data within the platform.
The connection between identity and data allows organizations to improve and maintain the security posture of each individual data object, and thereby make meaningful change to the entire organization’s security posture.
To learn more about how our data-centric, identity-first approach to Zero Trust can help you uplift your Zero Trust maturity, please reach out. We’d love to show you how Symmetry DataGuard can help you achieve Zero Trust for data, whether in the hybrid cloud, on prem, or in an air-gapped environment.