In this insight piece, published by SC Media, Michael Chertoff and Virtru CEO John Ackerly make the case for zero-trust and data-centric security (DCS) controls as a solution to the dual challenge of classified data leaks and the need to swiftly share sensitive data with those who have a legitimate need to know.
Zero-trust assumes that no devices, users, or networks are automatically trusted, and that users are verified before being granted access to specific resources. This approach helps to reduce attack surface and minimize the risk of insider threats and unauthorized access to data. DCS prioritizes protecting the data itself rather than just the perimeter of the network. This approach entails encrypting sensitive data, controlling access to it, and monitoring its usage to detect any suspicious activity.
Combining these two security approaches creates a more resilient system that enables efficient information sharing on a need-to-know basis, simultaneously protecting national secrets against evolving threats.
The authors lay out steps the federal government can take to adopt and integrate these technologies to protect data and sensitive information.
Read full article here.