How we combine Zero Trust and Data Protection regulations

In 2022 we published the paper "Leveraging Zero Trust Security Strategy to Facilitate Compliance to Data Protection Regulations” in London. This paper deals with how to combine Zero Trust strategies with Data Protection and Privacy. 

The combination of Zero Trust Strategies with Data Protection and Privacy

Implementing privacy requirements into technology is cumbersome. On the one hand, we see the speed at which technology develops; on the other hand, we observe ambiguity during the implementation of privacy regulations into the operation of organizations. It is like replacing one engine of a plane during the flight. You cannot freeze the environment and implement, test and release.

Zero Trust Security is a strategic approach to information security, defining critical segments that house crown jewels and implement security measures according to a structured process that also encompasses data privacy requirements. A Zero Trust Segment can be a High Valuable Asset that processes Personally Identifiable Information (PII) that needs protection. The aim of this paper is to describe the GDPR implementation problems at hand and elaborate on the empirical examination with Chief Information Security Officers (CISO’s) and Data Protection Officers (DPO’s) to complement the ON2IT Zero Trust Framework with additional data protection requirements.