Improving on NIST SP 800-207: Data Enforcement Point Enforces Zero Clear Text

Looking at NIST SP 800-207 (#NIST800207): given that every successful data or privacy breach represents the failure of trust algorithms powering the Zero Trust Architecture, Titaniam, Inc. would suggest that the PEP (Policy Enforcement Point) be complemented by a “DEP” (Data Enforcement Point). The DEP could be an enhancement of the existing Data Access Policy or stand alone, as it concerns more than just access to the data. Where the PEP’s job is to assume Zero Trust from an access POV, the DEP’s job would be to assume Zero Trust from a data POV. The DEP would enforce a Zero Clear Text policy for sensitive data at all times, even for data in use. When default data retrieval for trusted users is in a protected format (i.e., they do not obtain clear text by default), we will truly achieve Zero Trust. Until then, the game for attackers is all about getting to trusted status…
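A sketch of the PEP/DEP split described above, as an added example that is not code from Titaniam or from NIST SP 800-207. The function names, the grant table, the sample record and the use of HMAC tokens as the "protected format" are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed key and data; a real deployment would keep the key in a KMS/HSM.
TOKEN_KEY = b"constructed-demo-key"
SENSITIVE_FIELDS = {"ssn", "email"}
RECORDS = {"42": {"name": "A. Example", "ssn": "000-12-3456", "email": "a@example.com"}}

# Hypothetical release policy: (role, field, purpose) tuples allowed clear text.
CLEAR_TEXT_GRANTS = {("fraud-analyst", "ssn", "case-review")}


def pep_allows(session):
    """PEP decision (access POV): is this an authenticated session?"""
    return session.get("authenticated") is True


def protect(field, value):
    """Deterministic keyed token: equal values match without being exposed."""
    mac = hmac.new(TOKEN_KEY, f"{field}:{value}".encode(), hashlib.sha256)
    return "tok_" + mac.hexdigest()[:16]


def dep_fetch(session, record_id, clear_fields=(), purpose=None):
    """DEP decision (data POV): protected by default, clear text per field and purpose."""
    if not pep_allows(session):
        raise PermissionError("PEP denied access")
    out, audit = {}, []
    for field, value in RECORDS[record_id].items():
        grant = (session.get("role"), field, purpose)
        if field not in SENSITIVE_FIELDS:
            out[field] = value
        elif field in clear_fields and grant in CLEAR_TEXT_GRANTS:
            out[field] = value  # explicit, narrow release; always audited
            audit.append((session["user"], record_id, field, purpose))
        else:
            out[field] = protect(field, value)  # the default, even when trusted
    return out, audit


if __name__ == "__main__":
    trusted = {"authenticated": True, "user": "alice", "role": "support"}
    print(dep_fetch(trusted, "42"))
```

A session that has passed the PEP still receives only tokens for `ssn` and `email`; clear text requires a matching role, field and purpose, and each release produces an audit entry.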


