Which is the best aspect to focus on first: network or identity? That’s a question many organizations ask when planning their Zero Trust journey. While both are key pillars to address in a Zero Trust journey, the overarching approach should be to start with your data and let that data be your guide. Data Security Posture Management (DSPM) plays a unique role in enabling businesses to achieve this thanks to its capacity for identifying potentially insecure combinations of identity, access and data. From validating applications and workloads by data sensitivity or function to gaining appropriate context with less risk, this article outlines the advantages DSPM offers to organizations seeking to progress toward Zero Trust maturity.
The Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model: A Critical Reference
At Kroll, we believe CISA’s Maturity Model is a core reference item for a Zero Trust journey. With eight core pillars—Devices, Network, Identity, Applications & Workloads, Data, Visibility, Orchestration and Governance—there’s a lot to think about and address as you work toward maturing your organization.
A Zero Trust architecture and mindset need all these pillars working together to ensure what your organization puts in place stays in place and can evolve to keep up with the ever-changing security and threat landscape. The outputs of a DSPM conversation easily support the first step of your Zero Trust journey – map your protect surfaces. Protect surfaces are made up of four key elements: data, applications, assets and services.
How DSPM Enables Zero Trust
Based on the CISA model, here’s how the benefits of DSPM can enable your Zero Trust journey:
Devices
Key items like device health, device attributes and device management strategy and capability are important considerations for making a risk-tolerant decision regarding how devices interact with your data. One of the key aspects of the device pillar is to ensure your organization has insight into the types of devices attempting to interact with your data. It’s important to correlate device posture and telemetry to identify abnormal behavior.
Identity
Identity is the new perimeter. Phishing-resistant multi-factor authentication is the new baseline, but organizations should be constantly verifying non-human and human identities and ensuring zero standing privileges. DSPM allows you to identify who or what has access to your data and provides clear facts for your organization to evaluate whether an identity should or should not have access to that data.
Network
Organizations often become highly focused on creating Policy Decision Point (PDP) logic at either the identity or network layer. It’s essential to establish the context behind policy generation; without it, organizations can create downstream risks or shift existing risks elsewhere. Let data guide your micro-segmentation approach. Data will provide the foundation for understanding where you should seek additional clarity and context to generate logic for multiple layers.
Applications and Workloads
Organizations may have multiple protect surfaces to secure, and most have a clear understanding of their critical workloads. Larger organizations are often surprised by the results of a DSPM conversation: they find certain accounts, or whole swarms of identities, attempting to access data stores, frequently without knowing what data types those stores hold. Validate your crown jewels by data sensitivity or function.
Data
Data is often undervalued, though it is one of the most critical aspects in application functionality, customer experience and revenue generation. It is often the case that when the word data is mentioned, organizations become cynical because a “data initiative” isn’t a priority or DLP is not in the budget. And while that’s a classic battle of the business versus security, discovering, classifying, mapping and monitoring sensitive data is a crucial, but often overlooked element of the Zero Trust journey. Threat actors aren’t attempting to breach your network just to say they can - they’re going after your data. You don’t know what you don’t know, or in this case, what you have and what might go missing.
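The Identity and Data sections above describe the core DSPM fact: join what you know about your data stores (discovery and classification) with what you know about identities and their access, then look for combinations that violate your Zero Trust expectations (standing privileges on sensitive data, sensitive access without phishing-resistant MFA, non-human identities with admin rights, grants that reference nothing in your inventory). The following is an added example, not Kroll's code nor the logic of any DSPM product; the data stores, identities, grants, sensitivity tiers and rule names are all constructed for illustration.

```python
"""Toy "toxic combination" finder: joins a classified data-store inventory
with an identity/access inventory and flags risky combinations.
Added example; all sample data below is constructed, not from any real environment."""
from dataclasses import dataclass


@dataclass(frozen=True)
class DataStore:
    name: str
    sensitivity: str        # public | internal | confidential | restricted (constructed tiers)
    data_types: frozenset   # classification labels found by discovery, e.g. {"PII"}


@dataclass(frozen=True)
class Identity:
    name: str
    kind: str                    # "human" or "non-human" (service account, workload)
    phishing_resistant_mfa: bool


@dataclass(frozen=True)
class Grant:
    identity: str
    store: str
    permission: str   # read | write | admin
    standing: bool    # True = always-on privilege, False = just-in-time elevation


SENSITIVITY_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


def is_sensitive(store: DataStore, threshold: str) -> bool:
    """A store counts as sensitive when its tier is at or above the threshold tier."""
    return SENSITIVITY_RANK[store.sensitivity] >= SENSITIVITY_RANK[threshold]


def access_map(grants):
    """The basic DSPM fact: who or what can reach each data store."""
    out = {}
    for g in grants:
        out.setdefault(g.store, set()).add(g.identity)
    return {store: sorted(ids) for store, ids in out.items()}


def find_toxic_combinations(stores, identities, grants, threshold="confidential"):
    """Return sorted (identity, store, rule) triples for grants that violate a rule.
    Rule names are hypothetical labels chosen for this example."""
    stores_by_name = {s.name: s for s in stores}
    ids_by_name = {i.name: i for i in identities}
    findings = []
    for g in grants:
        store = stores_by_name.get(g.store)
        ident = ids_by_name.get(g.identity)
        # A grant pointing at an unknown identity or store is a visibility gap in itself.
        if store is None or ident is None:
            findings.append((g.identity, g.store, "unknown-identity-or-store"))
            continue
        if not is_sensitive(store, threshold):
            continue
        # Zero standing privileges: always-on write/admin on sensitive data is a finding.
        if g.standing and g.permission in ("write", "admin"):
            findings.append((g.identity, g.store, "standing-privileged-access"))
        # Phishing-resistant MFA is the baseline for humans touching sensitive data.
        if ident.kind == "human" and not ident.phishing_resistant_mfa:
            findings.append((g.identity, g.store, "no-phishing-resistant-mfa"))
        # Service accounts rarely need admin on a sensitive store.
        if ident.kind == "non-human" and g.permission == "admin":
            findings.append((g.identity, g.store, "non-human-admin"))
    return sorted(findings)


# Constructed sample inventories (the kind of output a discovery/classification pass yields).
SAMPLE_STORES = [
    DataStore("crm-db", "restricted", frozenset({"PII", "PCI"})),
    DataStore("backups", "confidential", frozenset({"PII"})),
    DataStore("wiki", "internal", frozenset()),
]
SAMPLE_IDENTITIES = [
    Identity("alice", "human", phishing_resistant_mfa=True),
    Identity("bob", "human", phishing_resistant_mfa=False),
    Identity("etl-svc", "non-human", phishing_resistant_mfa=False),
    Identity("build-bot", "non-human", phishing_resistant_mfa=False),
]
SAMPLE_GRANTS = [
    Grant("alice", "crm-db", "read", standing=False),
    Grant("bob", "crm-db", "write", standing=True),
    Grant("etl-svc", "backups", "admin", standing=True),
    Grant("build-bot", "wiki", "write", standing=True),
    Grant("legacy-job", "crm-db", "read", standing=True),   # identity missing from inventory
]

if __name__ == "__main__":
    for store, who in access_map(SAMPLE_GRANTS).items():
        print(f"{store}: {', '.join(who)}")
    for identity, store, rule in find_toxic_combinations(SAMPLE_STORES, SAMPLE_IDENTITIES, SAMPLE_GRANTS):
        print(f"FINDING {rule}: {identity} -> {store}")
```

Raising the threshold to "restricted" narrows the review to crown-jewel stores only, which is how the same join supports the "validate your crown jewels by data sensitivity" step in the Applications and Workloads section; the unknown-identity finding survives regardless of threshold because it is a gap in the inventory rather than a judgement about the data.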
Visibility
There’s a lot of highly advanced technology on the market. Yet while many companies like to buy technology, they acknowledge that they have gaps in coverage, which is usually why a given technology was purchased in the first place. Technology rationalization is important, but many problems can be solved if you’re able to integrate the technologies so they work together to protect your organization. Data and telemetry are key to ensuring that you gather appropriate context in a risk-tolerant manner.
Orchestration
Organizations frequently evaluate how many ‘9’s are in a service provider’s service level agreement as a key success factor. However, it’s also important to think about how quickly they can triage and respond to alerts and events. Does the data provided to them, i.e., an alert from a critical application or service, have certain automation or response capabilities already built and ready to go? Time is of the essence to ensure you have the appropriate capabilities in place to ensure all security components are working together with speed, scalability and consistency.
Governance
Cyber legislation continues to evolve and is increasingly focused on data protection. Whether the requirement is giving users the ability to access, opt out of or delete their data, or rules around data isolation, DSPM provides an organization with demonstrable evidence of compliance with its governance and regulatory obligations.
Progress Your Zero Trust Journey with Kroll
Kroll is uniquely positioned to help you define, validate and scale a Zero Trust strategy that aligns with your business priorities and threat landscape. As part of that, we offer Data Security Posture Management Assessments to highlight the potentially toxic combinations of data, access and identity to fuel your Zero Trust strategy and roadmap.
By integrating Zero Trust principles across identity and access management, cloud environments, operational technology and data protection, our end-to-end Zero Trust solutions help organizations build a cohesive and adaptable security posture. Whether you’re just starting out or looking to mature your program, our global team of experts can guide you every step of the way. Kroll responds to over 3,000 cyber incidents annually, applying frontline insights to shape Zero Trust strategies grounded in attacker behaviors, tactics and breach patterns. We are tech-agnostic, but evaluate from a governance, risk and compliance (GRC)-aligned baseline. This means we can help you optimize your existing investments, regardless of vendor.
Kroll offers a modular Zero Trust retainer with half- or full-day workshops, assessments and tabletop exercises to support strategy development, validation and resilience testing—tailored to your maturity and goals. As part of Kroll’s Enterprise Risk Retainer, you can access our range of Zero Trust Accelerator services, providing flexible access to strategic workshops and assessments that help organizations define, test and advance their Zero Trust programs.
Get in touch today to schedule a Zero Trust assessment or explore our integrated and retainer-based offerings.