The cost of data breaches nowadays is immense, both for organizations and society. Organizations can benefit from understanding the core components that influence both the likelihood and the impact of a data breach. Zero Trust (ZT) strategies have proven to be a more effective way to address cyber risk resilience than the more traditional ‘implement-a-framework’ approach because of the ZT focus on segmenting the environment: ringfencing sensitive data sets, limiting lateral movements and reducing the potential blast radius in case of a breach. When a strict access and verification policy is enforced on every service, user, or application, it is highly unlikely that legitimate users or bad actors have unauthorized access to systems. However, traditionally Zero Trust has focused on technical measures only and associated verifications. In isolation, technological measures won’t offer the so-called ‘bang for reducing the buck’; they also require preventative monitoring and automated event handling capabilities. This is especially true in industries where regulatory agencies require companies to implement Cybersecurity Incident Response Teams (CSIRT) and to notify the authorities within a particular timeframe. Companies that do not adhere to this are liable to hefty financial fines and other personal risks for board members. This paper describes how Zero Trust and Zero Trust as a Service (ZTaaS) decrease the economic impact of a data breach. It elaborates on all ZTaaS components and their contribution to reducing the cost of a data breach. It concludes with a conceptual approach that practitioners can immediately leverage to reduce the potential cost of a data breach.