What is Zero Trust
Traditional Perimeter Security
With a traditional approach, it is assumed that everyone inside your perimeter protection is trusted, so you make sure you have robust "user centric" protection from the outside world. Hence user and group authentication is applied to network access, applications, endpoints etc
"inside the perimeter everyone is trusted"
"if perimeter breached unprotected data assets are easily stolen"
The challenge with this approach is the data is held in "clear text" and once a perimeter is breached the infrastructure and sensitive data assets are easily stolen or held to ransom.
Privacy1 Zero Trust Data Protection
A zero trust approach assumes that nothing is trusted, it starts from the position that everything should be locked and allow access only to legitimate users, systems, applications and pipelines. By bringing the protection from the edge of your environment / application to the data, you have much more granular control over the data asset.
"we apply privacy aware security to the data asset itself"
Our Zero Trust Data Protection is "data asset centric". We apply protection to the sensitive data assets themselves, so, even if the perimeter is hacked, the data is not readable as it's not in "clear text."
Our protection is also smart. It combines security and privacy awareness to secure the data to defend against breaches, but also to control access to the data by processing purpose, data processors and data subjects
Is this the same as network zero trust?
No, it's focused on the data not the perimeter
Zero Trust is an approach that many vendors are now shifting towards due to increased cybersecurity threats from outside and flexible working demands from within organisations. However, despite much expensive marketing, network security, device validation, micro-segmentation and ID management solutions are still only building multiple complex protective perimeters.
The challenge with any kind of perimeter security, even with these modern technologies is that they have a very high maintenance overhead with many layers to orchestrate across multiple systems. Complete separation of applications and services using this method is complicated, if not impossible to manage.
Even with all this overhead, the data is still vulnerable in "clear text" and the data is essentially dumb with no context of what is a legitimate use, processing purpose or whether it is allowed to be used by a system or transferred to 3rd parties outside the UK
So how does it work ?
With our zero trust data security, you assume no trust and scramble the sensitive personal data where it is stored and when it is in flow. This means that even if you were hacked the data would not be readable, when its being transferred to a 3rd party, its not readable, should a developer be testing an app database, its not readable.
Our solution is privacy aware, the keys used to lock the data are linked to your processing purposes, your data processors, your data subjects as well as your services. Our solution makes sure that the personal data you are responsible for is protected from misuse and theft, is only used for legitimate purposes and gives you full control over internal and 3rd party operations.
Privacy1 is one of only a few companies to secure the data asset itself and ensure that these assets are not stored or transferred in clear text.
Further Privacy1 is the only vendor that makes this capability privacy aware with both consent and processing purpose context to bridge the void between IT security and privacy compliance.