Zero Trust Overview

Zero Trust is a security model built on the principle of “never trust, always verify.” Instead of assuming that someone with access to a system is safe, Zero Trust requires continuous verification of every request, no matter the user, device, or location. The goal is to minimize the blast radius of a breach by enforcing least privileged access — granting users only the specific data or actions they need, nothing more. In a Zero Trust environment, security isn’t a one-time checkpoint; it’s an ongoing process of validation, monitoring, and restriction.

Traditional databases, however, are fundamentally misaligned with Zero Trust. Once a user is granted access to a table, they automatically gain the ability to read every row within it — even if their job requires only a single record. This all-or-nothing model makes it impossible to enforce true least privileged access. Sensitive fields like Social Security Numbers, health data, or financial details are exposed far beyond what is necessary, creating opportunities for misuse or catastrophic data leaks if an account is compromised.

00DB bridges this gap by introducing row/key-level and query-level governance on top of database access. As a proxy database, users no longer get direct access to the underlying database — instead, every query is filtered and controlled through 00DB. By limiting not just what tables a user can touch, but also how many sensitive records they can retrieve, 00DB enables organizations to apply Zero Trust principles to their data layer for the first time.

This is a visual representation of how 00DB proxy databases can allow you to research or test Production issues with out accessing the entire database. In the middle of the screen you see the word K8s cluster. This stands for Kubernetes. This is where all of the databases that you use will be temporarily stored. The blue databases on the right have sensitive data in them. The Purple database has no sensitive data in it. There black storage area is the Data Governor. This determines if a subsetted image of production will be created in the K8s cluster. The users computers you see on the extreme left hand of the diagram are not able to connect directly to any of the blue databases which have sensitive data. They are only able to connect to the purple database directly.