Advancing Zero Trust Maturity Throughout the Data Pillar
Executive summary
This cybersecurity information sheet (CSI) provides recommendations for maturing data security and enforcing access to data at rest and in transit, ensuring that only those with authorization can access the data. It further discusses how these capabilities integrate into a comprehensive Zero Trust (ZT) framework, as described in Embracing a Zero Trust Security Model. [1] Traditional security approaches have often relied on perimeter defenses alone to secure networks. Recent events highlight that adversaries who are successful at gaining a foothold in information systems often readily gain unfettered access to all data in those systems. By applying the recommendations in the data pillar, including identifying risks to data, integrating granular data attributes into access control mechanisms, and monitoring data access and use, organizations will reduce the impact and consequences of breaches and identify suspect activity earlier in the cyber intrusion lifecycle.
To protect data, an organization needs to know what data it has and track how it moves and is accessed inside and outside the enterprise. Tracking data can be a significant task, so an automated method for identifying data of value on the network, or for performing a data inventory, is recommended. Data protection ensures that data is only accessed by authorized entities. Granular control of data not only keeps it safe within the enterprise, but also ensures that it can be safely shared with other organizations and partners to achieve interoperability. Implementing these activities will limit the ability of adversaries to reach targeted data assets. It will also give system managers visibility into compromised assets that require mitigation, should adversaries succeed in their efforts.