Updated on April 9th, 2024.
Zero trust and zero knowledge sound similar but they refer to different cybersecurity concepts. The key difference between zero trust and zero knowledge is that zero trust relates to network security while zero knowledge relates to the privacy of data. Both are important in protecting sensitive information from falling into the wrong hands.
Continue reading to learn more about zero trust and zero knowledge, the key differences between them and why organizations need both.
What is zero trust?
Zero trust is a cybersecurity framework that requires users and devices to be continuously authenticated. It assumes every user and device could be compromised and doesn’t automatically trust anyone within or outside the organization’s network. Anyone and anything, human or machine, must be continuously and explicitly verified before they gain access to the network.
Once the user or machine has gained access to the network, they are given the minimum amount of network access required to do their jobs. They cannot access anything else within the network. This limitation of access prevents cybercriminals from accessing other sensitive information if a user’s account is compromised. Zero trust focuses not on where the user is logging in from, but on who they are.
Zero trust is made up of three core principles:
- Assume breach: Zero trust assumes every user or machine trying to access an organization’s network could be compromised and lead to a security breach.
- Verify explicitly: Since zero trust gets rid of implicit trust, users and machines must prove they are who they say they are, every time they need access.
- Ensure least privilege: Once a user or machine has been verified and granted access, they are given the minimum amount of network access to do their jobs, and no more.
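The three principles above can be read as the inputs to a single access decision. The following is an added, constructed example (not Keeper's code or any product's policy engine) of a zero-trust policy check: the request's network location is never consulted, identity and device must be explicitly verified with recent MFA on every request, and a valid user is still confined to the resources their role needs. The roles, users, device IDs and five-minute re-verification window are all assumptions for illustration.

```javascript
// Least privilege: each role maps to the minimum set of resources its job
// requires. Anything not listed here is denied, even for a valid user.
const ROLE_ACCESS = {
  'hr-analyst': new Set(['hr-db:read']),
  'sre':        new Set(['prod-servers:ssh', 'metrics:read']),
};

// Constructed directory of known identities and their enrolled devices.
const USERS = {
  alice: { role: 'hr-analyst', devices: new Set(['laptop-a1']) },
  bob:   { role: 'sre',        devices: new Set(['laptop-b7']) },
};

// Verify explicitly: authentication is re-checked on every request and
// expires quickly, so there is no standing trust from an earlier login.
const MAX_AUTH_AGE_SEC = 300; // assumed 5-minute window

// Evaluate one access request. Returns { allow, reason }.
// Note: request.sourceIp is deliberately ignored; an "inside the network"
// address earns no trust under zero trust.
function evaluate(request, nowSec) {
  const { user, deviceId, mfaVerifiedAt, resource } = request;
  const account = USERS[user];

  // Assume breach: an unknown identity or an unenrolled device gets nothing.
  if (!account) return { allow: false, reason: 'unknown user' };
  if (!account.devices.has(deviceId)) {
    return { allow: false, reason: 'unenrolled device' };
  }

  // Verify explicitly: MFA must have succeeded recently for this request.
  if (typeof mfaVerifiedAt !== 'number' || nowSec - mfaVerifiedAt > MAX_AUTH_AGE_SEC) {
    return { allow: false, reason: 'stale or missing MFA' };
  }

  // Least privilege: the role's allow-list decides, which blocks a compromised
  // account from moving laterally to resources outside its job.
  if (!ROLE_ACCESS[account.role].has(resource)) {
    return { allow: false, reason: 'outside least-privilege scope' };
  }
  return { allow: true, reason: 'verified identity, device and scope' };
}
```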
What is zero knowledge?
Zero knowledge is a security model that uses encryption and data segmentation to mitigate the effects of data breaches. It does this by encrypting and decrypting data on the device level, rather than on the company’s servers or in the cloud. The application using zero-knowledge encryption does not store the data in plaintext, and the service provider never receives that data in plaintext either. The keys required to decrypt the stored data are only available to the user on their device. This ensures that if the service provider were breached, all of the stored data remains encrypted and protected.
Key differences between zero trust and zero knowledge
People often confuse zero trust and zero knowledge because they both improve the security of users and organizations. However, zero trust can be remembered by its tagline “trust no one” while zero knowledge can be remembered by its tagline “we know nothing.” Here are the key differences between zero trust and zero knowledge.
| Zero Trust | Zero Knowledge |
---|---|---|
Definition | Focuses on network security through continuous and explicit authentication and authorization of all users | Focuses on data security through encrypting and decrypting data on the device level |
Method of protection | Verification | Encryption |
Responsibility | Organization | Service provider |
Implementation techniques | Multi-Factor Authentication (MFA), network segmentation and least privilege access | 256-bit symmetric encryption and transport layer security from the service provider |
Why organizations need both zero trust and zero knowledge
Organizations need both zero trust and zero knowledge to protect their sensitive data from becoming compromised through unauthorized access. Organizations need to entrust their data to service providers who use zero-knowledge encryption to ensure the organization is the only one who can access the data.
Some organizations have transitioned into a hybrid environment using both cloud and on-premises infrastructure, making zero trust vital to protect their sensitive data. Zero trust gives organizations visibility into their infrastructure and helps reduce the risk of cyber attacks. With zero trust, organizations can see all users and machines trying to access their network, where they are trying to connect from and what they’re trying to access. It also helps reduce the risk of cyber attacks by only allowing access to authorized users and limiting those authorized users to the minimum amount of network access, preventing lateral movement from within the network.
Zero knowledge secures an organization’s data, even if the service provider is breached. Since the service provider cannot decrypt the organization’s data, cybercriminals who breach and steal data from the service provider would only have the data in ciphertext and could not decrypt it. Zero knowledge also protects data at rest and in transit since data is only encrypted and decrypted on the user’s device. The application never stores data in plaintext, meaning the service provider cannot see it. When data is synchronized to other devices, the data remains encrypted until it is decrypted on the other device by the user. Data in transit is protected through transmission key encryption, meaning it cannot be intercepted and read by unauthorized users.
How Keeper® is zero trust and zero knowledge
Keeper Security enables zero trust by unifying our password management, secrets management and connection management solutions, all built on our proprietary zero-knowledge encryption model. Organizations have full visibility into their entire data infrastructure. Keeper products are protected with zero-knowledge encryption, ensuring that organizations are the only ones who can access their data and no one else, not even Keeper. You can read more about our security architecture here.
The best way to implement zero trust and zero knowledge is with KeeperPAM. KeeperPAM™ combines Keeper Enterprise Password Manager (EPM), Keeper Secrets Manager® (KSM) and Keeper Connection Manager® (KCM) to give organizations complete visibility, security and control across every privileged user and device in their organization.