5/27/2026 • 5 min read
Zero Trust is no longer limited to the network and now places data at the center of the security strategy. With the disappearance of the traditional perimeter, organizations must continuously maintain visibility over their sensitive data, as well as control access and usage.
82% of data breaches involve data stored in the cloud (IBM, 2023). At a time when hybrid work, SaaS applications, and third-party access have fundamentally dissolved the boundaries of the information system, continuing to rely on securing a network perimeter that no longer exists is a dangerous illusion.
In this context, the Zero Trust model is emerging not as a trend, but as the most coherent architectural response to today’s threat landscape. “Never trust, always verify” is a simple principle, but its implementation radically transforms an organization’s security posture, provided it is applied where it truly matters: on the data itself.
Zero Trust is a security model built on a foundational principle: no entity (user, device, or application) should be granted implicit trust, whether inside or outside the corporate network.
Where traditional approaches assume that everything inside the network is safe, Zero Trust takes the opposite stance: every connection is potentially hostile until proven otherwise.
This model relies on four core pillars:
Organizations must be able to identify, map and classify their sensitive data continuously, regardless of its location or how it moves across systems.
Every access request is continuously authenticated and authorized, regardless of where the connection originates. User identity, device health, resource sensitivity, and request context are evaluated at every interaction.
Users and systems are granted access only to the resources strictly necessary for their tasks. This micro-segmentation drastically reduces the attack surface and contains lateral movement in the event of a compromise.
Zero Trust is not a static state. It requires ongoing behavioral analysis to detect anomalies, access drifts, or early signals of an ongoing intrusion.
Key takeaway: Zero Trust is not about eliminating trust, but about no longer granting it by default. Every access must be earned, verified, and continuously reassessed.
Most Zero Trust implementations focus on the network and identity layers: who can connect to what, from which device, using which authentication method. This is necessary but insufficient.
Network Zero Trust secures the path. Data-centric Zero Trust secures the destination.
A user may have legitimate access from a trusted device with strong authentication… and still exfiltrate a critical file to an unapproved cloud service. The network detects nothing unusual. Yet the data is gone.
This is why an organization’s Zero Trust maturity is also measured by its ability to answer the following questions:
This data-centric approach does not replace network security; it complements it by adding a control layer directly on the information itself, where its real value lies.
Key takeaway: Securing access without monitoring how data is used is like locking the front door while leaving the windows open. Mature Zero Trust treats data as a first-class security asset.
The enterprise network as it was designed ten years ago—a set of assets enclosed behind a firewall—no longer exists. Several structural shifts have made the perimeter model obsolete:
Employees connect from home, coworking spaces, and while on the move. Data resides across dozens of cloud platforms. Partners and vendors access internal resources directly. The perimeter is everywhere—and therefore nowhere.
Stolen credentials remain the leading initial access vector, accounting for 24% of data breaches. (Verizon, 2024). Attackers no longer break in—they log in using legitimate user credentials. Once inside a default-trusting network, they move laterally and access data without triggering any alerts.
A malicious employee, an access right not properly revoked after departure, a compromised personal device, or simple human error: internal risks are as real as external attacks. The Zero Trust model treats both vectors with the same rigor, applying consistent controls regardless of user status.
Implementing Zero Trust is not about purchasing a tool. It is an architectural transformation involving multiple technological and organizational layers:
You cannot protect what you do not know. Real-time data mapping of sensitive assets (financial, personal, strategic) is foundational to any effective Zero Trust policy.
User and entity behaviors are modeled to detect anomalies that static rules cannot capture.
Data-centric Zero Trust naturally aligns with data loss prevention. Even legitimate access can be blocked if behavior on the data is abnormal or non-compliant.
Key takeaway: The strength of a data-centric Zero Trust approach lies in the coherence of its components. Data mapping and access control must operate together, not in silos.
GDPR, NIS2, and DORA require organizations to demonstrate who accesses which data, under what context, and with what safeguards. Zero Trust structurally addresses these requirements by providing full traceability of access and data operations, stronger control over third parties and vendors, and a significantly reduced attack surface. This approach aligns directly with GDPR principles of data minimization and risk limitation.
For a CIO or CISO facing audits or compliance requirements, a Zero Trust architecture provides tangible evidence of controlled access governance and a credible answer to regulators.
Data-centric Zero Trust is rapidly emerging as the industry standard, driven by the growing need for resilience against increasing cyberattacks, cloud adoption, and sensitive data exchange. Organizations are no longer only aiming to prevent intrusion; they are seeking to maintain control over their data even in compromised environments. At Cyber Show Paris 2025, Daspren was awarded the Zero Trust Trophy, a recognition that reflects the relevance of this data-centric vision in a rapidly maturing market.
Credit: Cyber Show Paris, from left to right: Sandy Dussottier (Group Security Team at Crédit Agricole), Artus Raulo (Marketing Manager at Daspren), and Belkacem TEIBI (Co-founder and CEO of Daspren).
Zero Trust is not an additional constraint imposed by threats. It is a transformation lever that simultaneously strengthens security, compliance, and operational resilience—provided it is applied down to the data layer, not just the network.
In a context where a single compromised account can trigger a major crisis, waiting is not an option. Organizations that adopt Zero Trust today are not only protecting themselves—they are building a digital foundation they can rely on with confidence for the future.
If you want to learn more about implementing a data-centric Zero Trust architecture, contact us for a demo.
