
Zero Trust for Data

Encryption has been around for a long time. It is the holy grail of data security because it translates data into another form, or code, so that only people with access to a secret key (formally, a decryption key) or password can read it. Zero trust is a security model based on the principle of maintaining strict access controls and trusting no one, including those inside the network perimeter.

In theory and in practice, data secured with strong enough encryption is almost impossible to break without huge computing resources and effort. What makes encryption powerful is also its downfall. Encrypted data, by definition, is not visible, and what is not visible or accessible is not available for computing or processing. In almost all cases, encrypted data must be decrypted before it can be accessed and used. Therein lies the weakness.

As systems have evolved in complexity, data security has not progressed. Today, systems, even for smaller businesses, are technically complex as a result of interconnected partnerships, platforms and cloud-enabled services. While a slew of new security products has surfaced, data protection still remains the same. Unfortunately, in today's world it is most often not a matter of if, but when, someone finds a way into a protected system. This is merely a reflection of today's interconnected world, where systems, applications and users are connected in so many ways that it is hard to understand how the vulnerabilities of other systems can be exploited.

Vendors have attempted to portray a system with enough gates as compensation for allowing data to be staged in plain text. What this illustrates is the inability of security companies to provide an encryption-based data security product that does not inhibit usage. Data is staged in plain text simply because there is no way to keep it protected in use.

That being said, almost every organization uses encryption in some fashion. As organizations think about privacy requirements and ethical responsibilities, they are hamstrung by security technologies that have not kept up with new needs, both in technology and in scale. A strong security approach consists of a data-centric security framework that can scale while providing a protective envelope across all data stores, thus reducing the risk of yet another data theft or leak with serious consequences.

The most common use of encryption is to protect data in transit. Another common use is to protect data "at rest". Together they are the most common and prevalent way to protect data. This also implies that data "in use" is not protected. The common argument made by many is that these two measures, along with network and application-level controls, will suffice. The continuing loss of data through breaches and hacks suggests otherwise. Another way this limitation is being exposed is through ransomware attacks: the attackers not only encrypt the operational environment(s) but also the data, holding it for ransom.

The notion of keeping data protected in use has existed in the academic world for a long time. Many research projects and efforts have demonstrated that encryption of data "in use" is attainable, in theory. Computation on encrypted data has been on the minds of many academics and commercial enterprises for a long time, and much effort has been expended on the subject. Despite the progress, the results have historically not been practical for the commercial world. The primary reason is the bane of encryption: performance. Encryption requires a lot of computing power to achieve its goals, and these additional processing efforts manifest as performance penalties in commercial systems, often to the point of making these solutions and approaches impractical for business.
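To make the at-rest/in-transit versus in-use distinction concrete, and to show what "computation on encrypted data" means in the simplest case, here is an added example (not code from the original article or its author): a toy implementation of the Paillier scheme, which is additively homomorphic. A processing service holding only the public key can total a list of encrypted amounts, and scale one of them, without ever decrypting; only the data owner with the private key sees the result. The primes, the sample amounts and the function names are constructed for illustration, and the key size is far too small for real use.

```python
"""Toy additively homomorphic encryption (Paillier scheme) to illustrate
computation on data that stays encrypted while "in use".

Added example, not part of the original article. The primes below are
small, fixed and constructed for illustration only; a real deployment
would use a vetted library and moduli of 2048 bits or more.
"""
import math
import secrets
from dataclasses import dataclass

# Constructed toy primes (about 30 bits each). Real keys are far larger.
TOY_P = 1_000_000_007
TOY_Q = 998_244_353


@dataclass(frozen=True)
class PublicKey:
    n: int      # modulus n = p * q; encryption and ciphertext arithmetic need only this
    n_sq: int   # n^2, the ciphertext modulus


@dataclass(frozen=True)
class PrivateKey:
    lam: int    # lambda = lcm(p - 1, q - 1)
    mu: int     # lambda^-1 mod n, precomputed for decryption


def keygen(p: int = TOY_P, q: int = TOY_Q) -> tuple[PublicKey, PrivateKey]:
    """Derive a Paillier key pair from two primes (using the g = n + 1 simplification)."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    assert math.gcd(n, lam) == 1, "primes must be of similar size"
    mu = pow(lam, -1, n)  # with g = n + 1, L(g^lam mod n^2) == lam mod n
    return PublicKey(n, n * n), PrivateKey(lam, mu)


def encrypt(pk: PublicKey, m: int) -> int:
    """c = (1 + n)^m * r^n mod n^2, with a fresh random r so equal plaintexts differ."""
    if not 0 <= m < pk.n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(pk.n)
        if r > 0 and math.gcd(r, pk.n) == 1:
            break
    g_m = (1 + m * pk.n) % pk.n_sq  # (1 + n)^m mod n^2 via the binomial shortcut
    return g_m * pow(r, pk.n, pk.n_sq) % pk.n_sq


def decrypt(pk: PublicKey, sk: PrivateKey, c: int) -> int:
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    x = pow(c, sk.lam, pk.n_sq)
    return (x - 1) // pk.n * sk.mu % pk.n


def add_encrypted(pk: PublicKey, c1: int, c2: int) -> int:
    """Homomorphic addition: multiplying ciphertexts adds the plaintexts."""
    return c1 * c2 % pk.n_sq


def scale_encrypted(pk: PublicKey, c: int, k: int) -> int:
    """Homomorphic scalar multiply: c^k encrypts k * m."""
    return pow(c, k, pk.n_sq)


def untrusted_total(pk: PublicKey, ciphertexts: list[int]) -> int:
    """What a processing service can do with only the public key:
    total the encrypted values without ever seeing a plaintext."""
    acc = encrypt(pk, 0)
    for c in ciphertexts:
        acc = add_encrypted(pk, acc, c)
    return acc


def demo() -> tuple[int, int]:
    """Data owner encrypts, service computes on ciphertexts, owner decrypts."""
    pk, sk = keygen()
    amounts = [1200, 3400, 5600]                 # constructed sample values
    cts = [encrypt(pk, a) for a in amounts]      # owner side, has the private key
    enc_total = untrusted_total(pk, cts)         # service side, public key only
    enc_triple = scale_encrypted(pk, cts[0], 3)  # 3 * 1200, still encrypted
    return decrypt(pk, sk, enc_total), decrypt(pk, sk, enc_triple)


if __name__ == "__main__":
    print(demo())  # (10200, 3600)
```

The point to notice is the division of roles: `untrusted_total` and `scale_encrypted` never receive `sk`, so the service computes on data it cannot read, which is exactly the gap that encryption at rest and in transit leave open. The cost is also visible: each encryption is a modular exponentiation over n squared, and a scheme like this supports addition only, which is why the article's performance caveat applies and why fully general computation on encrypted data has been slow to reach commercial use.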

What has changed recently is the availability of cheaper computing resources. This, coupled with advances in technology, is making computing on encrypted data practical and feasible.

As with any emerging technology, products with various capabilities are appearing. Products targeted at a wide range of industries and needs are being developed and deployed, ranging from simple tools to complex systems, along with platforms operated as a service.

By Purandar Das