Customers trust organizations to keep their information safe. To uphold this trust and keep their data safe, you need to be cautious about your company's data security. And zero trust helps you do just that.
Zero trust is a security framework that helps protect an organization's confidentiality, integrity, and availability. It distrusts all users, even if they have already been authenticated and verified in the past, and requires them to be verified every time they access a resource.
This additional layer of security prevents malicious actors from gaining access to sensitive data and ensures that only authorized users can access the system, keeping your networks safe and secure.
What is the zero trust model?
The zero trust model emerged as a counterpoint to the traditional data security framework to reduce risk and control access to shared data. This data security framework outlines how the information is shared and secured within the organization.
The traditional security framework is based on the idea of “trust but verify”: once a device is verified and trusted, it remains trusted and doesn’t need to be verified again for subsequent uses, as long as nothing changes.
For example, when you connect your phone to your home WiFi network for the first time, it is verified once; after that it reconnects automatically as long as the WiFi password and device details remain unchanged. The verification step only proves that this device has connected before. Once it's trusted, it stays trusted.
In contrast, the zero trust model is based on “never trust, always verify”. The zero trust security model, also known as a zero trust architecture (ZTA) or simply the zero trust model, is a design philosophy for IT systems that provides a perimeter-less security architecture.
In other words, the components of a zero trust model behave in such a way that the system automatically and mutually authenticates and authorizes between itself and any connected device or account. This removes uncertainty in security processes, especially when making access decisions.
In a zero-trust model, authentication and authorization take place much more frequently. Just because a device or account was previously connected to the network doesn't mean the device is still secure.
Aside from requiring users to re-authenticate each time they access the network, some systems require authentication checks during user sessions at set intervals. Another policy could be inactivity checks: if a user becomes inactive after a few minutes, the system will force their account to log out until the user returns and authenticates again.
Since its inception, ZTA has continued to gain ground and popularity, especially among organizations with the highest data security requirements, such as banks, social media databases, and government agencies.
In fact, the National Institute of Standards and Technology (NIST) describes zero trust in its SP 800-207 document, published in 2018 and adopted as standard government protocol in May 2021 in response to an increasing number of high-profile data breaches.
Many businesses are now adopting zero trust models regardless of their size. This is because databases and their use have become more complex, not to mention the increase in potential risks if that data is stolen, corrupted, or otherwise tampered with.
A zero trust architecture with security policies, authorization processes, and other supporting components efficiently secures your data.
The 3 principles of the zero trust model
Different countries have different zero trust guidance. For example, the United States refers to NIST's SP 800-207 document, while the United Kingdom's National Cyber Security Centre (NCSC) publishes its own set of zero trust principles. Regardless of the country, zero trust security boils down to three main principles:
Trust approach: how the data is accessed (never trust, always verify)
Security posture: what security policies and procedures govern data access (assume that breaches will happen; do what you can to minimize the “blast radius”)
Data protection: how the data is protected before, during, and after access (apply the principle of least privilege)
The answer to how data is accessed will determine your trust approach, either as "never trust, always verify" or "trust but verify". Data access, especially production data, is a key focus for an organization.
This access is critical to generating value for the organization. However, there’s a risk of exposure. Because most companies store sensitive data in their databases, warehouses, and lakes, access to this information must be controlled and secured.
The policies and rules governing data access reduce the likelihood and consequences of a data breach. You should develop a clear and deterministic data security policy.
Data security policies with a “zero trust” approach help thoroughly review data access requests before granting access. It’s necessary to have a clear data security policy that sets out the access rules. Data breaches can come in many forms, and security policies help you stay ahead and alert at all times.
This principle governs how you secure data, especially sensitive data. You can open access so that everyone can reach the data, or restrict it based on roles or attributes; zero trust restricts unauthorized access as much as possible.
The zero trust principles all tie into standard data security measures and policies, including authorization and authentication, user credentials, and data governance, among many others.
The foundation of a zero trust model rests on the following factors:
Who should access the data, and how should they access it?
What processes minimize security risks (automatic reauthentication, inactivity checks, and so on)?
How should the database be segmented and insulated to minimize damage from a security breach?
What processes, policies, and programs track and audit security to ensure continued safety, interpret context, and review breaches to prevent further risk?
By addressing these issues, your security team creates an architecture that automatically performs authentication and security checks, limiting human error or permanent damage to the database in case of a breach.
Creating zero trust data access policy
Nothing destroys a company's reputation faster than a data security incident. Therefore, backing up data is crucial. From credit card numbers and government documents (like social security numbers, birth certificates, passports, and other forms of identification) to banking information and physical addresses, a lot of information is at risk of falling into the wrong hands.
If your company's database is a castle, data access and the controls that govern access are the first line of gates and sentinels looking out for threats.
As mentioned, the traditional “trust but verify” model does half the job – it looks out for threats. But once it marks a device or user as safe, that device or user stays trusted until something flags it as unsafe. Either way, once the account is in, continued security checks are rare, since the prior authorization already determines where the user can go within the database.
With the zero trust model, access control treats every connection to the database as an unknown entity, no matter how often the user has accessed the database from the same device. The security check isn’t complete until the user account is correctly identified and authorized.
Additional security checks are performed passively at regular intervals to ensure the account user is where they should be. If they exceed the predefined limits, behave suspiciously or become inactive, various security processes intervene to disconnect the account and protect the data.
Regardless of how the database using a zero trust model deals with potential or proven breaches, it comes down to the applicable access policies, rules, and procedures. Without rules, there’s no consistent security enforcement, and users can access the database and its contents with reckless disregard for their security.
Consider the following when developing a zero-trust access policy:
How should you authenticate, authorize, and encrypt user account connections?
How often should user accounts be checked during a single session?
Should you use an inactivity timer, and if so, how long can an account be inactive during a session until the system logs them off?
How strong should your password policy be, and how often are these passwords changed? Are users left to come up with their passwords, or are they generated by the system automatically?
Are some kinds of devices and connections considered safer than others (i.e., do users have to log onto a specific organization-owned device in-office, or can they log on from home computers remotely)?
Once you have the answers to these questions, you can design your database security architecture to respond automatically to any data access threats. Additionally, by establishing clear policies and rules, your security team can audit the database faster and more efficiently, consistently enforce expectations, and gain a deeper understanding of database architecture, improving it over time.
The components of a zero-trust model
A zero-trust model has two main components:
Core components outlining user access, authentication, and authorization
Functional components that complement, reinforce, and otherwise interact with these processes.
Both components work together to ensure your database is secure and compliant, to enable effective auditing and user management, and to inform future security and access control policy changes.
Consider the database castle mentioned earlier: the core components represent the main gate and how users pass through that gate. When users first connect to the system, they establish an untrusted connection through a policy enforcement point.
The enforcement point comprises two parts:
Policy engines: access controls and other system functions that interpret permissions, privileges, authorizations, and other useful forms of metadata to validate a user's credentials.
Policy administrators: the human operators who keep the engines doing their jobs, spotting potential faults and intervening if necessary when a breach occurs outside the control of the system's fail-safes.
If a user account passes all relevant checks at the policy enforcement point, it’s granted trusted access to corporate resources. The core components operate at two levels: the user, connection, policy enforcement point, and resources reside in the data plane, and the policy engines and policy administrators reside in the control plane.
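To make the split between data plane and control plane concrete, here is an added example (not code from the original article or from any product) of a control-plane policy engine deciding requests for a data-plane policy enforcement point, with deny-by-default grants applying the least-privilege principle from the three principles above. The `verified` and `managed_device` request signals, the role names and the resources are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRequest:  # what the enforcement point sees on the data plane for one request
    user: str
    resource: str         # e.g. "customer_records"
    action: str           # "read" or "write"
    verified: bool        # identity re-verified for this request (assumed signal)
    managed_device: bool  # organization-owned, endpoint-protected device (assumed signal)

class PolicyEngine:  # control-plane component: holds role grants and decides every request
    def __init__(self):
        self.user_roles = {}  # user -> role
        self.grants = {}      # role -> {(resource, action)}
        self.audit_log = []   # every decision, allowed or not, for later audit

    def assign_role(self, user, role):
        self.user_roles[user] = role  # a role change applies to the very next request

    def revoke(self, user):
        self.user_roles.pop(user, None)  # leaver: no role, so no grant can match

    def grant(self, role, resource, action):
        self.grants.setdefault(role, set()).add((resource, action))

    def decide(self, req):
        # Never trust: a request without a fresh identity check is refused outright.
        if not req.verified:
            return self._record(req, False, "identity not verified")
        # Writes are accepted only from managed devices; reads may come from elsewhere.
        if req.action == "write" and not req.managed_device:
            return self._record(req, False, "write from unmanaged device")
        # Least privilege: deny by default, allow only an explicit grant for the current role.
        role = self.user_roles.get(req.user)
        if (req.resource, req.action) not in self.grants.get(role, set()):
            return self._record(req, False, f"role {role!r} has no grant")
        return self._record(req, True, "granted")

    def _record(self, req, allowed, reason):
        self.audit_log.append((req.user, req.resource, req.action, allowed, reason))
        return allowed

class PolicyEnforcementPoint:  # data-plane gate: the resource is touched only after "yes"
    def __init__(self, engine, resources):
        self.engine, self.resources = engine, resources

    def access(self, req):
        return self.resources[req.resource] if self.engine.decide(req) else None
```

Because every decision is recorded with its reason, the same log feeds the audit and security analytics components described later.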
If the core components are the main gate, the functional components are the guards armed with their pikes, training, and orders ready for action, depending on the situation. As the name suggests, functional components act on the core components and their processes by extending them (by enforcing various security measures) or using them for other purposes, like audits, analytics, user identity, and account management.
Although this list isn’t exhaustive, here are some common functional components in a zero trust model:
Data security and access policies: Determining who can access the database, how, when, and to what information they have access.
Encryption: Encryption ensures all connections and communications with the system are safe and cannot be compromised by third parties.
Endpoint security: Policies and procedures to keep entry and exit points connected with user devices safe and insulated from exploitation.
Security analytics: Generating metadata that security teams use to scan for weaknesses, suspicious activity, and vulnerabilities and developing methods to combat these threats effectively.
Regulatory compliance: Ensuring that all systems and functions are within industry standards and legal compliance, such as HIPAA, CCPA, GDPR, and other regulatory requirements.
In summary, functional components are not just processes and codes operating within the system but the governance and procedures to ensure the entire zero trust model runs smoothly.
Core and functional components work together to secure your company's database. While the core components interact directly with a user's request for access to company resources, functional components work at the edge, adding access controls, generating security analytics, or providing other useful information and services to make the core components more effective.
While there may be some overlap between the two (policy engines require access management policies to work), both are necessary for the zero trust model to work effectively.
Zero trust best practices
Zero trust models are best summed up as treating every connection, user, and device as untrusted, regardless of how many times they previously connected to the system. In addition, regular security checks for activity and validation take place throughout the user session to ensure the user isn’t behaving suspiciously.
The following are a few best practices to keep in mind when implementing a zero trust framework.
Never trust, always verify
No matter who accesses the database, always treat the connection as unknown. A simple security mistake is to trust a connection from a remembered device that has been compromised – either remotely hacked or physically controlled – by an attacker.
By enforcing verification on every connection, you minimize the risk of hijacked accounts or devices weakening your data security.
Know who you’re giving access to and why
Even if every user successfully connects to your database, always apply the principle of least privilege (or PoLP). In other words, each account should be given the least amount of access to do its job within the database.
For example, HR doesn't need access to customer records, and the sales team doesn't need to see all of their colleagues' salaries. If a user changes role or department or is fired, their access will be changed immediately and appropriately.
Implement strong access controls
A gate that lets everyone through isn't very useful. Therefore, it’s important to define authentication and authorization policies so that each user goes through a verification process and is given the appropriate level of access to the database.
Maintain secure access at all times
Once a connection has been verified as trusted, regular passive security checks should be performed throughout the user session. For example, in addition to verifying user metadata and activity, you can implement a forced disconnect when a user is inactive for an extended period during their session.
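The in-session checks described here, and in the earlier passages on re-authentication intervals, inactivity timers and behaviour that exceeds predefined limits, as an added example that is not part of the original article: the policy values, the device fingerprint captured at login and the request-rate limit are assumptions for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"            # request proceeds on the existing session
    REAUTH = "reauthenticate"  # session survives, but credentials must be re-proven first
    TERMINATE = "terminate"    # session is closed; the user has to log in again

@dataclass
class SessionPolicy:
    reauth_interval_s: int        # re-verify credentials this often, even for an active user
    inactivity_timeout_s: int     # idle longer than this and the session is dropped
    max_requests_per_window: int  # more requests than this inside window_s counts as suspicious
    window_s: int

@dataclass
class Session:
    user: str
    device_id: str               # device fingerprint captured at login (assumed to exist)
    authenticated_at: float      # epoch seconds of the last successful credential check
    last_activity_at: float
    request_times: list = field(default_factory=list)

def check_request(session, policy, now, device_id):
    """Decide what happens to a request arriving at time `now` from `device_id`."""
    # A valid session token presented from a different device is not trusted: drop it.
    if device_id != session.device_id:
        return Decision.TERMINATE
    # Inactivity timer: the user walked away, so the session is closed.
    if now - session.last_activity_at > policy.inactivity_timeout_s:
        return Decision.TERMINATE
    session.last_activity_at = now
    # Behaviour check: too many requests inside the sliding window exceeds the limit.
    session.request_times = [t for t in session.request_times if now - t <= policy.window_s]
    session.request_times.append(now)
    if len(session.request_times) > policy.max_requests_per_window:
        return Decision.TERMINATE
    # Periodic re-verification: even a still-active user must re-prove identity on schedule.
    if now - session.authenticated_at > policy.reauth_interval_s:
        return Decision.REAUTH
    return Decision.ALLOW

def reauthenticate(session, now, credentials_ok):
    # After the user re-proves identity: reset the re-auth clock only on success.
    if credentials_ok:
        session.authenticated_at = now
        return Decision.ALLOW
    return Decision.TERMINATE
```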
Zero trust is an important element of your organization’s security
Although "trust but verify" was the cornerstone of traditional security methods, we find ourselves in a much more dangerous and complex digital world. As attackers have found ways to exploit long-standing vulnerabilities and physical vulnerabilities (such as a stolen trusted device), new methods are needed to protect sensitive information.
While not 100% foolproof, zero trust models remove as many vulnerabilities as possible from traditional “trust but verify” policies. By treating every connection as unsecured, regularly checking user credentials during their sessions, and planning by minimizing the "blast radius" in the event of a security breach, your organization can respond quickly to any security issues that may arise.
Zero trust models are the gold standard, even if your organization isn't a government agency, bank, healthcare provider, or other entity protecting hundreds of thousands of sensitive records. Without implementing a zero trust framework, you become vulnerable to simple attacks that could have been avoided with relatively minor adjustments.
However, when you consider components such as user access controls, authentication, encryption, endpoint security, and activity logs and their role in your data security policies, you already have the foundation for a robust zero trust architecture and data security.
Ben is an experienced tech leader and book author with a background in endpoint security, analytics and application, and data security. Ben filled roles such as the CTO of Cynet and Director of Threat Research at Imperva. He's now the Chief Scientist for Satori, a data security platform.