Zero Trust Architecture assumes no network boundary and allows broad use of public networks so that devices can reach enterprise resources. This improved access comes with an increased risk of information exfiltration and requires different approaches to controlling access to sensitive information. How does a CIO or CISO support the expansion of the mission while protecting that information? The most logical approach reduces the threat surface by limiting access based on need to know and level of trust. That degree of access control is hard to achieve when relying on role-based access control (RBAC) alone. Fortunately, the convergence of new technologies, including Data Security Posture Management (DSPM) and the Zero Trust Application Framework, has made this capability not only technically feasible but significantly easier than in the past.
This presentation will show how an organization can create ubiquitous compartmentalization with existing technologies while migrating legacy applications to the cloud. The method for accomplishing these objectives uses DSPM together with the Zero Trust Application Framework (ZTAF), which is derived from NIST SP 800-207 and NIST SP 800-204A, B, and C. Those standards detail how to build cloud-native applications from microservices within a service mesh that enforces attribute-based access control. The framework has been expanded to incorporate other capabilities, such as DSPM, Attribute-Based Encryption, and offline files that carry their own access control.
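To make the abstract's point concrete, the following added example (not code from the presentation or from ZTAF) contrasts a role-only check with an attribute-based one that combines a DSPM-style classification label, need-to-know compartments, and device trust level; every attribute name, scale, and sample record is constructed for the illustration.

```python
# Added illustration, not the presentation's code: need-to-know plus trust-level
# compartmentalization is awkward under RBAC alone and natural under ABAC.
# Every attribute name, label and sample record below is constructed.
from dataclasses import dataclass

# Ordered scales (constructed): higher number = more sensitive / more trusted.
CLASSIFICATION = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
DEVICE_TRUST = {"unmanaged": 0, "managed": 1, "attested": 2}

@dataclass(frozen=True)
class Subject:
    roles: frozenset        # all an RBAC check sees
    clearance: str          # highest classification the person may read
    compartments: frozenset # need-to-know tags held, e.g. {"project-x"}
    device_trust: str       # posture of the requesting device

@dataclass(frozen=True)
class Resource:
    classification: str     # label a DSPM scan would attach to the object
    compartments: frozenset # tags the object carries; the subject needs all
    min_device_trust: str   # posture the data owner demands

def rbac_allows(subject: Subject, required_role: str) -> bool:
    # Role-only: cannot express compartment or posture without a new role
    # for every (role, compartment, posture) combination.
    return required_role in subject.roles

def abac_allows(subject: Subject, resource: Resource) -> bool:
    # Each condition is evaluated per request from subject and object attributes.
    clearance_ok = CLASSIFICATION[subject.clearance] >= CLASSIFICATION[resource.classification]
    need_to_know_ok = resource.compartments <= subject.compartments
    posture_ok = DEVICE_TRUST[subject.device_trust] >= DEVICE_TRUST[resource.min_device_trust]
    return clearance_ok and need_to_know_ok and posture_ok

# Constructed sample: one analyst, three documents, two device postures.
ANALYST = Subject(frozenset({"analyst"}), "confidential", frozenset({"project-x"}), "managed")
ANALYST_UNMANAGED = Subject(ANALYST.roles, ANALYST.clearance, ANALYST.compartments, "unmanaged")
PROJECT_X_REPORT = Resource("confidential", frozenset({"project-x"}), "managed")
PROJECT_Y_REPORT = Resource("confidential", frozenset({"project-y"}), "managed")
RESTRICTED_X = Resource("restricted", frozenset({"project-x"}), "attested")

def decisions() -> dict:
    # RBAC answers the same for every confidential document; ABAC does not.
    return {
        "rbac_any_doc": rbac_allows(ANALYST, "analyst"),
        "abac_project_x": abac_allows(ANALYST, PROJECT_X_REPORT),
        "abac_project_y": abac_allows(ANALYST, PROJECT_Y_REPORT),       # no need to know
        "abac_restricted_x": abac_allows(ANALYST, RESTRICTED_X),        # clearance and posture
        "abac_x_unmanaged": abac_allows(ANALYST_UNMANAGED, PROJECT_X_REPORT),  # posture only
    }
```

The same analyst role passes the RBAC check for every document, while the attribute check denies the other project's report, the higher-classified report, and any request from an unmanaged device.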