New DoD Zero Trust Data Guidelines

The DoD published an update to its Zero Trust Strategy (attached). The most important item is data's increased role in their Zero Trust strategy. In the past, the DoD defined Zero Trust primarily from a network, device, and identity perspective (the data component was not prominent). Two changes drive the evolution of the DoD’s Zero Trust Strategy; 1/ the growth of sensor/imaging data and ensuring that it is available to front-line personnel and 2/real-world experience from Ukraine in which wireless networks are continuously jammed. These two factors have resulted in a new warfighting model in which mission-critical data is stored at the edge along with authorization policies. In fact, the only example of Zero Trust in action on Page 6 is about moving away from the older approach to locking down data in one place to allowing any authorized user to access data WHENEVER and WHEREVER they are (they actually capitalize those words).

From an XQ perspective, DoD’s strategic shift of moving the data and authorization to those who need it aligns perfectly with the company’s product strategy of having policies follow the data. While XQ is not in the business of providing tactical data solutions, DoD’s Zero Trust Strategy is a tremendous endorsement of its approach. Furthermore, the DoD defines seven features required of Zero Trust Data Protection, which XQ meets (Page 16). Thus, we should leverage the DoD’s definition of Zero Trust Data in our customer communications. #data #zerotrust #DoD #cyber

DoD Zero Trust Strategy Review