Improving Trust in a Zero Trust Architecture (ZTA)


Trust in a security environment is used in lieu of absolute certainty. Trust is needed to extend or access capabilities that otherwise would not be possible, and it’s an indication of the relative strength of the assurance of the belief. The level of trust is dynamic and changes over time; access to capabilities must be adapted accordingly.

Zero trust architecture (ZTA) is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters. In ZTA there is no implied trust. The trust level is explicitly and dynamically calculated based on context. The concept draws on technologies such as multifactor authentication; encryption; file system permissions; and information about users, their locations, and applications they seek access to for calculating trust.

Blockchain features that support ZTA

Amazon Web Services Blockchain, a distributed ledger technology (DLT), was employed to represent multiple participants engaged in file sharing.

DLT dynamically builds trust using transaction information about the data files by creating a digital passport for each of the files. This technology offers a decentralized, democratized, transparent, universally acceptable governance mechanism for managing file exchanges. DLT assures immutability of transactions and eliminates single-point-of-failure issues while providing redundancy and availability.
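One way to picture the per-file "digital passport" described above, as an added example that is not from the original article or the project it describes: a hash-chained list of transaction records for one file, checked before the file is trusted. The field names, actor names and sample data are assumptions; a real DLT also replicates the ledger across participants through consensus, which is what stops a single party from rewriting the whole chain and which this example does not model.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first entry

def digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def append_entry(passport, actor, action, file_bytes):
    """Record one transaction about the file, chained to the previous entry."""
    body = {
        "index": len(passport),
        "actor": actor,
        "action": action,
        "file_sha256": hashlib.sha256(file_bytes).hexdigest(),
        "prev": passport[-1]["entry_hash"] if passport else GENESIS,
    }
    passport.append({**body, "entry_hash": digest(body)})
    return passport

def verify_passport(passport, file_bytes):
    """Return (ok, reason): chain must be intact and file must match last record."""
    if not passport:
        return False, "no recorded history"
    prev = GENESIS
    for i, entry in enumerate(passport):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if body["index"] != i or body["prev"] != prev:
            return False, f"chain broken at entry {i}"
        if digest(body) != entry["entry_hash"]:
            return False, f"entry {i} was modified"
        prev = entry["entry_hash"]
    if hashlib.sha256(file_bytes).hexdigest() != passport[-1]["file_sha256"]:
        return False, "file does not match last recorded digest"
    return True, "history intact and file matches"

def build_sample(data):
    """Constructed history: hypothetical provider publishes, consumer receives."""
    passport = []
    append_entry(passport, "provider-a", "publish", data)
    append_entry(passport, "consumer-b", "receive", data)
    return passport

if __name__ == "__main__":
    data = b"constructed sample file contents"
    p = build_sample(data)
    print(verify_passport(p, data))
    p[0]["actor"] = "someone-else"       # edit history after the fact
    print(verify_passport(p, data))
```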

With some limitations, DLT can provide an effective technical solution to addressing zero trust when acquiring data from nonfederal data sources on a global network of data providers.

For more information, contact Rohit Mital, 719.201.6996, rmital@sgt-inc.com.

This story appears in the June 2020 issue of Getting It Right, Collaborating for Mission Success.