Implementing Zero Trust may seem daunting, but the good news is that you are probably farther along than you think. In this blog series, Broadcom Software will look at the key factors to consider when implementing a Zero Trust framework.
During a recent conversation, a CISO for a large organization said his number one metric for Zero Trust was that it cannot impact the user experience other than to improve it. There is no question that security is always a balancing act. If you don’t make it simple to access data, the user experience will degrade, and employees will look for ways to bypass security controls. Shadow IT is often an undesired outcome.
In Zero Trust, data is just one of the many resources, in addition to applications and services, that are being accessed. But how do you protect the data? Today the volume of data has nearly outgrown our ability to be custodians of it – and it’s not going to get any better any time soon. By the end of 2022, there will be 97 zettabytes of data in the world. A single person generates 1.7MB of data every second. In addition to the growth in the amount of data, the data itself lives everywhere – from mainframes and corporate devices to hybrid multi-cloud environments.
Zero Trust always takes us back to security fundamentals – you can’t protect what you don’t know you have.
Start with Asset Discovery
Data protection begins with asset discovery. There’s a lot of corporate data today that corporations don’t know they have. The truth is – if you have employees, employees create data and don’t necessarily put it where you expect. You need a robust solution that can find data you didn’t know about that still needs your protection, and classify it. Once you find it, decide what it is and what level of protection it requires.
So, where does your data live? With Windows or Mac, you open Windows Explorer or Finder and you see a hierarchical list of named files and where your data is stored. This might work for a small amount of data scanned manually. The mainframe doesn’t use a file system. There is no hierarchy. It’s not unusual for organizations to have millions and millions of datasets on the mainframe and have no idea whether they contain sensitive PII data, corporate confidential data, or just test data.
Enterprises’ increased dependence on the cloud has created its own set of asset discovery and data protection challenges. Today there are thousands of cloud companies out there, and that volume and complexity create substantial monitoring issues for customers. Proactive cloud monitoring is essential to gain visibility and to protect all of your assets.
Using the right encryption, MFA and more
As mentioned earlier, you are always making tradeoffs between convenience and protection when it comes to security. Encryption is part of it. Access control is part of it. Location is part of it. With mainframe, you can encrypt the data, but you then need to manage the ability to easily access the information without compromising encryption. And to do that, you have to give everybody the key to the encryption, which defeats the purpose of the protection.
Also, there are numerous encryption standards, so it’s important you’re using the standard that matches the requirements of the data.
Remember too, encryption is just one aspect of data protection. You need network security, access control, and the ability to track that data and understand where it’s moving, who has access to it, and who’s moving it. Also, be sure to use Multi-Factor Authentication (MFA) on all of your platforms, including mainframe.
A Zero Trust implementation includes layers of security protection based on the level of risk your organization is willing to accept. The minute you start to see bypasses, then you know you’ve hit the wall on complexity. Embracing automation can help augment your security as the industry continues to deal with a limited supply of security professionals.
Data protection – just like your security plans including your Zero Trust framework – must be continually reassessed as business conditions and technology change. The development of quantum computing; the evolution of hybrid work; and shifting privacy and security regulations and standards are just a few of the factors you need to keep in mind when implementing data protection today – and in the future.