While data security breaches are a common occurrence, some attract more attention than others. Earlier this year, the US Special Operations Command (USSOCOM) confirmed that hundreds of sensitive Department of Defense documents were leaked over a period of two weeks.
The Senate defense appropriations subcommittee demanded answers for how a single individual could have taken and distributed classified information without being detected, in which top security experts were quick to note that insider attacks such as this one are prevalent.
Insider attacks have been a primary motive behind many ongoing efforts to increase federal data security, including a shift to Zero Trust methods. In fact, the US Navy Chief Technology Officer Dan Yeske said in a recent interview that, had the Pentagon already adopted a Zero Trust data security model, the military would have recognized and responded to breaches like this one sooner.
The Current State of Federal Data Security
When considering security for sensitive data, the common perception may be that confidential military or government data is fundamentally more protected than information stored by private companies. However, the reality is that many of the same threats apply to both.
This is why the Zero Trust paradigm has been gaining attention and traction across industries, including the governmental sector. As it stands, the Pentagon already has a plan in place to introduce a Zero Trust security model into effect, by 2027.
This plan by the US government aims to shore up other cybersecurity efforts for all federal agencies. In April 2023, the Cybersecurity and Infrastructure Security Agency (CISA) published what is known as the Zero Trust Maturity Model (ZTMM) in response to an Executive Order (14028) calling for “Improving the Nation’s Cybersecurity.” Order 14028 requires all federal agencies to develop a plan to implement a Zero Trust architecture to address the shortcomings in the current data protection constructs.
It should be noted, that the Zero Trust Framework has already been successfully introduced in many industries. Rather than reinventing the wheel, the US Government has mandated Federal Agencies to adopt the CISA Zero-Trust Maturity Model into existing tools to mitigate network weaknesses.
While the CISA ZTMM model was specifically developed for federal agencies, many in the private sector have also taken notice. The model provides an approach for any organization to achieve continued modernization efforts related to Zero Trust — which is a criticality within a rapidly evolving technology landscape.
The Role of Zero Trust in Securing Pentagon Data
The US Navy CTO – Yeske – has been stating very poignantly time and again that Zero Trust security could have empowered a faster and more effective response to breaches and Pentagon data leaks. While this highlights some of Zero-Trust’s key benefits thereof, there is a game-changing potential in utilizing Self-Protecting-Data that go beyond simple protection.
It is also important to note that in addition to the benefits mentioned by CTO Yeske, the true value of Self-Protecting-Data files is in preventing a rogue agent from accessing or sharing the files, to begin with. To fully realize the benefits of Self-Protecting- Data, agencies need to set their sights even higher than the military’s current plans.
While it is certainly true that a Zero Trust system would have allowed the Pentagon to recognize the breach far sooner than the six months that it took, properly implemented Zero Trust protocols could have stopped a rogue actor instantly when attempting to access unauthorized files.
This is true in the vast majority of information leaks, Zero Trust could have prevented many breaches in both the public and private sectors. As it stands, insider threats persist as the most ubiquitous threats to private data in all sectors. According to a 2022 report, insider threat incidents have been on an incline, and rose by 44% over the two previous years, with the cost per incident rising by an average of more than 30% year-over-year.
The perception that the primary benefit of adopting a Zero-Trust posture entails identifying and responding to leaks is rooted in a conventional understanding of information security. Traditional digital security is fundamentally reactive. This means that, in many cases, Zero Trust is used as an enhanced form of traditional data privacy systems, and remains dependent on networks and demarcations. While this is an improvement, effectuating the implementation of Self-Protecting-Data will atone for existing vulnerabilities within a Security Perimeter in which the data transverses and is consumed.
In all, perimeter security will always be an essential element of a comprehensive data security plan. Most sophisticated layered Perimeters are vulnerable to cyberattacks. Threats often go unmitigated, due to insiders with legitimate access credentials, as was the case in the most recent Pentagon breach.
Zero Trust seeks to address weaknesses in ensuring data privacy. A Zero-Trust-Architecture at the Data-Layer untethers reliance on security Perimeters and Identity Access Management systems, to enable data files to protect themselves independently through an embedded trust-cycle.
Truly Secure Data with Sertainty in 2023
Sertainty has redefined how information is protected to ensure data privacy even where firewalls fail. Using cutting-edge protocols and embedding intelligence directly into data files and datasets, Sertainty leverages proprietary processes that enable data to govern, track, and defend itself. These protocols mean that the data remains secure even if systems are compromised.
At Sertainty, we know that data is the most valuable asset to your organization’s continued success. Our industry-leading Data Privacy Platform has pioneered what it means for data to be intelligent and actionable, helping companies move forward with a proven and sustainable approach to their cybersecurity needs.
As the digital landscape evolves and networks become more widely accessible, Sertainty is committed to providing Self-Protecting Data solutions that evolve and grow to defend your crown jewels. Instead of focusing on your network’s inherent shortcomings, we enable you to safely and confidently embrace the potential of a new online-oriented world. Our self-protecting Zero Trust protocols mean that even if systems are compromised, data remains secure.