Core principle 4: Zero Trust

Frequently, not all the parties involved in chains and networks are familiar with each other. This is the case in many sectors, including construction, industry, defense, government, agri-food and logistics. Regardless, secure and responsible data sharing remains important. The BDI is therefore based on the Zero Trust principle: trust is never granted automatically, but only on the basis of rules, context and control. Within the BDI, trust is not assumed; every grant of trust is a controlled and retraceable decision.

How does it work?

Organizations decide:

  • with whom;
  • under what conditions;
  • and for what purpose

they want to share their data. Access to their data is only granted when there is a relevant cause and if the receiving party adheres to the agreed-upon conditions.

The BDI differentiates between:

  • organizations
  • persons or roles
  • systems or applications

Access can be granted and regulated automatically by an authorized employee or an authorized system. The BDI follows the five zero-trust rules:

  1. There is no central trust authority: autonomy for every party is preserved.
  2. Identity does not equal trustworthiness; authentication is not the same as trust.
  3. Context determines the level of trust.
  4. Reputation and behavior are taken into account.
  5. Trust information can be shared within networks (federations).
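To make the five rules concrete, the following Python example shows how a single data owner could evaluate an access request locally. It is an added illustration, not BDI code and not from the original page; the organization, role, system and purpose names, the context fields, the reputation scores, the federation alert format and the trust thresholds are all constructed assumptions. The decision returns a record of every check performed, so that the outcome is retraceable, and an unknown data classification is treated as the most sensitive one, so the check fails closed.

```python
from dataclasses import dataclass, field

# Every name, field and threshold below is an assumption for illustration only.


@dataclass
class AccessRequest:
    org: str                 # requesting organization
    role: str                # person or role acting for that organization
    system: str              # system or application placing the request
    purpose: str             # stated purpose of the data use
    classification: str      # sensitivity of the requested data
    authenticated: bool      # identity verified (rule 2: necessary, not sufficient)
    context: dict = field(default_factory=dict)  # e.g. {"network": "partner_vpn", "hour_utc": 14}


@dataclass
class LocalPolicy:
    """Policy held by the data owner itself (rule 1: no central trust authority)."""
    agreements: dict         # org -> set of purposes agreed with that partner
    allowed_roles: set       # roles permitted to request data
    known_systems: set       # systems/applications the owner has registered
    reputation: dict         # org -> score in [0, 1] built from past behaviour (rule 4)
    federation_alerts: dict  # org -> {"revoked": bool} shared by the federation (rule 5)
    min_reputation: float = 0.5


# Trust level the data owner demands per sensitivity class (rule 3: context sets the bar)
REQUIRED_LEVEL = {"public": 0, "confidential": 1, "restricted": 2}


def trust_level(req: AccessRequest, policy: LocalPolicy) -> int:
    """Dynamic trust score derived from context and reputation, never from identity alone."""
    level = 0
    if req.context.get("network") == "partner_vpn":   # rule 3: stronger network context
        level += 1
    hour = req.context.get("hour_utc", 12)
    if hour < 7 or hour > 19:                          # rule 3: off-hours lowers trust
        level -= 1
    if policy.reputation.get(req.org, 0.0) >= 0.8:    # rule 4: good track record
        level += 1
    return level


def decide(req: AccessRequest, policy: LocalPolicy) -> dict:
    """Evaluate the request and return a retraceable record of every check and its result."""
    checks = []

    def check(name: str, ok: bool) -> bool:
        checks.append({"check": name, "ok": ok})
        return ok

    level = trust_level(req, policy)
    required = REQUIRED_LEVEL.get(req.classification, max(REQUIRED_LEVEL.values()))  # fail closed
    revoked = policy.federation_alerts.get(req.org, {}).get("revoked", False)

    # Short-circuit: the first failing check ends the evaluation and is recorded as such.
    granted = (
        check("authenticated", req.authenticated)
        and check("known_system", req.system in policy.known_systems)
        and check("role_allowed", req.role in policy.allowed_roles)
        and check("agreement_with_org", req.org in policy.agreements)
        and check("purpose_in_agreement", req.purpose in policy.agreements.get(req.org, set()))
        and check("not_revoked_by_federation", not revoked)
        and check("reputation_sufficient", policy.reputation.get(req.org, 0.0) >= policy.min_reputation)
        and check("trust_level_sufficient", level >= required)
    )
    return {"granted": granted, "trust_level": level, "required_level": required, "checks": checks}


def first_failure(record: dict):
    """Name of the first failed check in a decision record, or None if access was granted."""
    for entry in record["checks"]:
        if not entry["ok"]:
            return entry["check"]
    return None


# Constructed sample policy of a fictional data owner in a logistics chain.
SAMPLE_POLICY = LocalPolicy(
    agreements={
        "carrier-a": {"shipment_tracking"},
        "carrier-b": {"shipment_tracking", "customs"},
        "carrier-c": {"shipment_tracking"},
    },
    allowed_roles={"planner", "dispatcher"},
    known_systems={"tms-prod"},
    reputation={"carrier-a": 0.9, "carrier-b": 0.3, "carrier-c": 0.9},
    federation_alerts={"carrier-c": {"revoked": True}},
)


if __name__ == "__main__":
    req = AccessRequest("carrier-a", "planner", "tms-prod", "shipment_tracking",
                        "confidential", True, {"network": "partner_vpn", "hour_utc": 10})
    record = decide(req, SAMPLE_POLICY)
    print("granted" if record["granted"] else "denied:", first_failure(record))
```

The request in the `__main__` block passes every check, while the same identity asking for a purpose outside its agreement, or asking from the public internet at night for restricted data, is refused: authentication succeeds in all three cases, but trust is decided per request from the agreement, the context and the partner's reputation.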

What does that mean in practice?

  • One can securely collaborate with unknown parties.
  • Data is only shared after authentication and authorization.
  • Trust is not assumed, but judged dynamically.
  • Risks are managed without blocking innovation.
  • The system adjusts the level of security based on risks and context.