Achieving Zero-Trust Security Through Data Masking
Many organizations have built up large repositories of sensitive data as part of their core business model. The reasons vary: payment card information collected to process customer purchases of an organization’s products, medical records held by healthcare providers, and large amounts of personal data collected by social media platforms for resale for targeted advertising.
A user’s personal data has become an extremely valuable commodity, and the collections held by many organizations represent a significant prize for cybercriminals. As a result, data breaches have become a regular occurrence. Unless organizations can ensure that attackers cannot access their networks and reach this data, breaches will continue to be a major threat to the privacy and security of businesses and their customers.
The growing threat of data breaches has resulted in a push for zero trust security. This new security model is designed to decrease the threat of data breaches by limiting access to sensitive data. However, implementing it without sacrificing system usability requires strong data anonymization technologies like data masking.
Challenges with Trust
Most organizations operate on a very simple trust model within their networks. With perimeter-based security, anyone who is inside the network is considered “trusted”, and the organization tries to keep all “untrusted” parties outside of the network. Logically, it seems like this separation of “trusted” and “untrusted” parties at the network boundary should work. In reality, though, a wide variety of “untrusted” parties can have access to an organization’s internal network.
Legitimate third parties with access to an organization’s internal network include third-party vendors or service providers that are granted some level of access as part of their contracting relationship. While these service providers may be trusted, incidents like the Target breach demonstrate the risks associated with giving them full access. In that incident, a compromise of a service provider’s network allowed attackers to leverage the provider’s access to Target’s network to steal sensitive information.
The risks associated with individuals having access to an organization’s internal network aren’t limited to contractors and service providers. Employee negligence is a leading cause of data breaches. While an employee may need access to certain data to perform their job responsibilities, this access also places the data at risk.
Finally, external attackers can gain access to an organization’s internal network. Despite an organization’s best efforts, it probably won’t be able to identify and prevent every attack against the network. Eventually, some attacker will get in and can take advantage of an organization’s lax internal security model to gain access to and exfiltrate sensitive or valuable data.
Zero Trust Security
The risks associated with a malicious or negligent party inside an organization’s network with access to sensitive data have led to a push toward zero trust security. As the name suggests, zero trust security is designed not to extend trust (and access to sensitive data) to someone simply because they have access to an organization’s network. Instead of implementing a “default allow” policy for access to systems and data for internal users, zero trust security calls for a “default deny” policy, where users can only access certain data or resources after proving their identity and that they have the appropriate authorizations.
Implementing a zero-trust security policy requires deployment of security solutions with a number of specific goals. First, the organization needs to be able to monitor and control access to sensitive data and resources. This requires a data security solution that can discover and control access to data repositories. The organization also needs to be able to segment its internal network so that access to one internal system does not give access to other systems by default.
Once an organization can limit access to certain resources to only authorized users, it needs a means of determining if a particular user is actually authorized. This requires identity and access management (IAM) solutions, along with means of ensuring that user accounts are not compromised, such as multi-factor authentication and user behavioral analytics.
After deploying these solutions (and other data protection mechanisms like encryption), an organization has laid the groundwork for a zero-trust security system. However, applying a black-and-white security policy where parties either have full access to data or none at all may not be the best choice for system security and usability.
Building Zero Trust Security with Data Masking
In many cases, a user who needs some level of access to sensitive data doesn’t need full access to it. For example, a developer performing testing of a new program needs data that realistically mimics the data that the software will process once the software reaches production. However, the developer does not need actual customer data in order to perform testing, especially of software that could contain vulnerabilities that an attacker could exploit to gain access to sensitive data. For this, and other similar edge cases, an effective zero trust security strategy requires a gray area between the black and white of no access or full access to sensitive data. Data masking provides an ideal solution to this problem.
With data masking, an algorithm is used to transform sensitive data. The details of this algorithm are configurable, making it possible to retain only the level of data realism necessary for a given application. By deploying a data masking solution, an organization can protect its sensitive data with a zero-trust security model without creating security holes or usability problems for these edge cases.
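The sketch below is an added example, not code from the original article or from any masking product. It combines the “default deny” policy with masking as the gray area between no access and full access. The roles, field names, key and record are constructed for illustration, and keyed HMAC-SHA256 is one assumed choice of masking algorithm.

```python
import hashlib
import hmac

# Constructed key for this example; in practice it lives in a secrets manager.
MASKING_KEY = b"constructed-example-key"

def _mac(value: str) -> bytes:
    return hmac.new(MASKING_KEY, value.encode(), hashlib.sha256).digest()

def luhn_check_digit(body: str) -> str:
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def luhn_valid(pan: str) -> bool:
    return pan.isdigit() and luhn_check_digit(pan[:-1]) == pan[-1]

def realistic_pan(pan: str) -> str:
    # Same length and Luhn-valid, but every digit comes from a keyed hash of
    # the input. Deterministic, so joins across masked tables still line up.
    body = "".join(str(b % 10) for b in _mac(pan)[: len(pan) - 1])
    return body + luhn_check_digit(body)

def realistic_email(email: str) -> str:
    return "user_" + _mac(email).hex()[:10] + "@example.com"

MASKERS = {
    "card_number": {"realistic": realistic_pan,
                    "redacted": lambda v: "*" * (len(v) - 4) + v[-4:]},
    "email": {"realistic": realistic_email, "redacted": lambda v: "***"},
}

# role -> field -> level. A role or field that is not listed gets nothing.
POLICY = {
    "billing": {"card_number": "full", "email": "full"},
    "developer": {"card_number": "realistic", "email": "realistic"},
    "support": {"card_number": "redacted"},
}

def view(role: str, record: dict) -> dict:
    out = {}
    for field, level in POLICY.get(role, {}).items():
        if field in record:
            value = record[field]
            out[field] = value if level == "full" else MASKERS[field][level](value)
    return out

RECORD = {"card_number": "4111111111111111", "email": "alice@example.org"}  # constructed
```

The developer role receives a card number that still passes input validation in the software under test, while a role missing from the policy receives an empty record.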