Cynicism as a Strategy: Understanding Zero Trust Data Management

Shrewd cybersecurity model assumes everyone and everything is a threat.

In a connected world, turning cynicism into a strategy makes perfect sense. Implicit trust is a thing of the past when it comes to protecting sensitive data and information. With cybersecurity risks rising to unprecedented levels, evaluating every single connection to the data—not just the first time a network is accessed, a device is connected, or a user signs in—is the new imperative. It’s not personal; even the most credible and devoted employees could be impersonated or have their credentials stolen.

Government and commercial organizations working to secure their critical, sensitive data are actively pursuing the Zero Trust Architecture (ZTA) framework published in August 2020 by the National Institute of Standards and Technology (NIST). And some have started mandating it.

For instance, the U.S. Federal Government’s ZTA strategy, announced by the White House in January 2022, requires agencies to meet specific cybersecurity standards and objectives by the end of fiscal year (FY) 2024. Among the targets are encrypting and authenticating all traffic, even internal traffic, and “categorizing data based on protection needs, ultimately building a foundation to automate security access rules.”

While other solution providers address the network, encryption, authentication, and related aspects of a Zero Trust architecture, Koverse Data Platform (KDP) uniquely provides the data storage and management component.

By design, our security-first data platform applies Zero Trust principles to data storage and management by providing additional, fine-grained, attribute-based authorization checks for every data access request, which is crucial for security-conscious customers in government and regulated commercial industries. It accomplishes this in a single platform for all data from any source, including structured and unstructured, batch and continuous, classified, unclassified, and mixed-sensitivity data.

KDP’s Zero Trust approach allows for an unprecedented variety of complex and sensitive data to be co-located and protected, effectively establishing an end-to-end, multi-level security (MLS) environment where data is protected from ingestion to discovery and use. Granular and dynamically defined permissions enable proactive, continuous verification to prevent unauthorized data access, security gaps, incursions, and related risks.

KDP’s Zero Trust data management and complementary built-in security features include:

  • Attribute-based access controls (ABAC), where fine-grained subject, object, and environment condition attributes at the time of access determine the permissions
  • Role-based access controls (RBAC), where user roles within the organization determine their permissions
  • Data protections at the dataset, column, row, and portion levels
  • Integration with enterprise identity and access management (IdAM or IAM) systems
  • Integration with existing authorization and authentication systems such as AD/LDAP and PKI certificates, simplifying DoD Information Assurance (IA) certification
  • Support for unlimited arbitrary combinations of security access tags
  • Scalable ingest, query, and data transformation while still enforcing fine-grained security controls
  • Encryption of all data while stored in the platform
  • Masking of specific columns for one or more groups, each with different rules, whether applying encryption, partial masking, or removing columns

As an example, when a dataset is initially loaded, access to it or to a specific record, or even knowledge of its existence, can be restricted to a very small group of users, critically excluding even system administrators. The data may be restricted to only those users who have the background knowledge and training to properly deal with the complexities of that dataset, and because it is indexed in KDP, it can be used along with all other authorized data in the system for analytics, data science, and AI as needed.
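The per-request model described above can be sketched as follows. This is an added illustration, not KDP code or its API: the class names, tag names, masking rules, and the `cert_authenticated` environment flag are all assumptions, and tags are modeled as a simple "subject must hold every tag" rule.

```python
from dataclasses import dataclass

@dataclass
class Subject:
    roles: frozenset   # RBAC: organizational roles
    attrs: frozenset   # ABAC: subject attributes (clearance, training)

@dataclass
class Record:
    tags: frozenset    # object attributes: subject must hold every tag
    fields: dict

# Constructed masking rules: column -> {role: rule}. Unlisted roles lose the column.
MASKS = {"ssn": {"auditor": "clear", "analyst": "partial"}}

# Constructed sample data.
RECORDS = [
    Record(frozenset({"PII", "HEALTH_TRAINED"}), {"id": "c-1", "ssn": "123-45-6789"}),
    Record(frozenset(), {"id": "p-1", "region": "west"}),
]

def can_read(subject, record, env):
    # Environment condition, checked on every request rather than once at login.
    if not env.get("cert_authenticated"):
        return False
    # Only attributes count: no role, including sysadmin, bypasses the tags.
    return record.tags <= subject.attrs

def apply_masks(subject, fields):
    out = {}
    for col, value in fields.items():
        rules = MASKS.get(col)
        if rules is None:
            out[col] = value
            continue
        granted = {rules[r] for r in subject.roles if r in rules}
        if "clear" in granted:
            out[col] = value
        elif "partial" in granted:
            out[col] = "*" * (len(value) - 4) + value[-4:]
        # No matching rule: the column is removed from the result.
    return out

def query(subject, env, records=RECORDS):
    # Unauthorized rows are silently filtered, so their existence is not revealed.
    return [apply_masks(subject, r.fields) for r in records if can_read(subject, r, env)]
```

A subject holding only the `sysadmin` role gets the untagged record and nothing else, while two subjects with the same attributes but different roles see the same rows with differently masked columns.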

With capabilities like these, administrators can easily and securely manage which individuals or groups have access to which data, solutions, and administrative functions, while preserving data safety and integrity—core tenets of Zero Trust data management.

The persistence and increasing sophistication of cyber threats today provide good reason to rethink implicit trust and transition to Zero Trust security strategies for critical and sensitive data.

To learn more, contact us today.