I've been thinking about zero-trust and least-privilege access lately in the context of unstructured data security. They're some of the most exciting security frameworks out there - but to date they've been applied mainly to network-based resources with a network-first perspective.
But these two frameworks can be applied to data - although there are some mental adjustments you'll have to make first.
Knowing What You Have
Like I mentioned, traditional zero-trust has a network-first mentality. Think databases, applications, and the like. Unstructured data, on the other hand, is fantastically complex and diverse (see details in this study). Specialized data, such as a contract or a sales strategy, might be both strategically valuable and difficult for outsiders to understand - not like a discrete networked resource that often has a fairly high IT profile, is well-understood and is "worthy" of attention and resources.
Attempts to "scale" security to unstructured data have, so far, been time and labor sinks. Pattern matching and end-user file markup techniques come to mind. Neither option is working very well.
But you have to know what you have before you can protect it.
Knowing What to Do
For the same reasons, developing policies for networked resources, while not easy, is at least manageable. Unstructured data is different. It’s diverse and dynamic, changing with time and business imperatives. Data loss prevention (DLP) technologies take a stab at the unstructured data policy problem, but DLP implementations are highly complex beasts bordering on unmanageable.
Knowing what policies to apply to each file is a very tough problem, and so far it hasn't scaled well at all.
Zero Trust/Least Privileges with Deep Learning
These two problems – discovering/categorizing your data and defining appropriate access policies – are now solvable with automated deep learning solutions.
Deep learning reveals document meaning and context to provide accurate, granular categories that reflect business criticality. These categories are essential for zero trust security solutions. Deep learning, being far more accurate than pattern matching and far easier to implement than end user classification programs, is the answer.
Once files are categorized, deep learning can establish a security baseline for each category. That baseline encompasses how files are permissioned, shared, stored and managed, and it reflects the policy decisions made by the people who know those files best: the owners and end users. From here it’s an easy step to find and fix at-risk files, automatically and accurately.
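The baseline step described above can be pictured with a small added example (not code from this post or from any product). It assumes the categories have already been assigned, takes the baseline to be the most common sharing scope within each category, and flags files shared more broadly than that; the scope labels, their ordering and the file records are all constructed for illustration.

```python
from collections import Counter, defaultdict

# Assumed ordering of sharing scopes, narrowest to broadest (hypothetical labels).
SCOPE_RANK = {"owner": 0, "team": 1, "company": 2, "external": 3, "public": 4}

# Constructed sample inventory: (path, category from a classifier, sharing scope).
FILES = [
    ("contracts/acme_msa.docx", "contract", "team"),
    ("contracts/globex_nda.pdf", "contract", "team"),
    ("contracts/initech_sow.docx", "contract", "owner"),
    ("contracts/umbrella_msa.docx", "contract", "public"),
    ("sales/q3_strategy.pptx", "sales_strategy", "team"),
    ("sales/q4_strategy.pptx", "sales_strategy", "team"),
    ("sales/pricing_plan.xlsx", "sales_strategy", "external"),
    ("marketing/brochure.pdf", "marketing", "public"),
    ("marketing/datasheet.pdf", "marketing", "public"),
    ("marketing/draft_post.docx", "marketing", "company"),
]

def category_baselines(files):
    """Baseline per category = the most common sharing scope among its files.
    Ties resolve to the narrower scope, which is the least-privilege choice."""
    by_cat = defaultdict(Counter)
    for _path, cat, scope in files:
        by_cat[cat][scope] += 1
    return {
        cat: min(counts, key=lambda s: (-counts[s], SCOPE_RANK[s]))
        for cat, counts in by_cat.items()
    }

def at_risk(files, baselines):
    """Files shared more broadly than their category's baseline."""
    return [
        (path, cat, scope, baselines[cat])
        for path, cat, scope in files
        if SCOPE_RANK[scope] > SCOPE_RANK[baselines[cat]]
    ]

if __name__ == "__main__":
    base = category_baselines(FILES)
    for path, cat, scope, expected in at_risk(FILES, base):
        print(f"{path}: {cat} is shared as '{scope}', baseline is '{expected}'")
```

The same public scope that is normal for the marketing category is what gets the contract flagged, which is why the baseline has to be computed per category rather than once for the whole file store.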
Zero trust/least-privilege security is possible for unstructured data. By categorizing data and discovering the most appropriate security policies for each file, we’ve kicked away the barriers to effective, efficient and focused security at the file level. We’re finally ready to apply one of the decade’s most powerful security frameworks to the millions of files and documents our users create and manage every day.