Data That Protects Itself, Wherever It Goes
Zero Trust Data Format wraps each object in its own access policy and encryption keys, so protection travels with the data instead of living in the infrastructure around it. It's the foundation of how Lattix enforces zero trust at the data layer.
Conventional security protects data by protecting its container — the network, the server, the application. The data inside stays plaintext, defended only by the perimeter around it. The moment data leaves that perimeter — shared, copied, downloaded, synced to a cloud — the protection stays behind and the data is exposed. In a world where data constantly moves across clouds, organizations, and devices, defending containers leaves the actual asset undefended exactly when it matters most.
- Perimeter and container security leave the data itself in plaintext.
- Protection doesn't travel — once data leaves the boundary, it's exposed.
- Access decided once at a gateway can't adapt as context changes.
- Shared and copied data can't be revoked or re-scoped after the fact.
- There's no built-in record of who accessed a given object.
Wrap Data in Its Own Policy
ZTDF is a self-protecting envelope: each data object is encrypted and bound to an access policy and its own keys. The policy and protection are part of the object, so they travel with it everywhere — across clouds, organizations, devices, and networks.
Evaluate Access on Every Open
Rather than trusting a one-time gateway check, ZTDF requires fresh policy evaluation on every access. Attribute-based controls weigh identity, device, location, and context each time, so access reflects current conditions — true zero trust, applied to the data itself.
Revoke and Re-Scope Anytime
Because access depends on policy and keys bound to the object, you can revoke or change access at any time — even after data has been shared or downloaded. A grant is never irreversible.
Carry Audit With the Data
Every access to a ZTDF object can be recorded to a tamper-evident ledger, so the data carries its own accountability — a verifiable history of who opened it, when, and under what policy.
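The four mechanisms above (policy bound to the object, evaluation on every open, revocation, tamper-evident audit) in a minimal model. This is an added illustration, not Lattix code or the ZTDF wire format; the KeyService class, the attribute names, the HMAC binding and the hash-chained ledger are assumptions, and payload encryption is left out.

```python
import hashlib
import hmac
import json
import os

def _canon(obj):
    return json.dumps(obj, sort_keys=True).encode()

def _bind(key, policy):
    # HMAC under the object key ties this exact policy to the object.
    return hmac.new(key, _canon(policy), hashlib.sha256).hexdigest()

class KeyService:
    """Hypothetical service that holds object keys and releases them per open."""
    def __init__(self):
        self.keys, self.revoked, self.ledger = {}, set(), []

    def wrap(self, object_id, policy):
        key = self.keys[object_id] = os.urandom(32)
        return {"id": object_id, "policy": policy, "binding": _bind(key, policy)}

    def revoke(self, object_id):
        self.revoked.add(object_id)

    def open(self, env, attrs):
        """Evaluate the bound policy against current attributes on every call."""
        key = self.keys.get(env["id"])
        if key is None or not hmac.compare_digest(_bind(key, env["policy"]), env["binding"]):
            decision = "deny:binding"
        elif env["id"] in self.revoked:
            decision = "deny:revoked"
        elif any(attrs.get(k) not in ok for k, ok in env["policy"].items()):
            decision = "deny:attributes"
        else:
            decision = "allow"
        # Hash-chained audit entry: each record commits to the previous one.
        prev = self.ledger[-1]["hash"] if self.ledger else "0" * 64
        entry = {"object": env["id"], "subject": attrs.get("subject"),
                 "decision": decision, "prev": prev}
        entry["hash"] = hashlib.sha256(_canon(entry)).hexdigest()
        self.ledger.append(entry)
        return key if decision == "allow" else None

def ledger_intact(ledger):
    prev = "0" * 64
    for e in ledger:
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["prev"] != prev or e["hash"] != hashlib.sha256(_canon(body)).hexdigest():
            return False
        prev = e["hash"]
    return True
```

Revocation works in this model because the key never ships inside the envelope: every open has to ask the service, which checks the binding, the revocation list and the caller's current attributes before releasing it.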
Portable Protection
Encryption and policy travel with the object across any cloud, org, or device.
Continuous Zero Trust
Access is re-evaluated on every open against current context, not trusted once.
Revocable by Design
Revoke or re-scope access at any time, even after data has left your control.
Built-In Audit
Each object carries a verifiable record of who accessed it and under what policy.
Interoperable
A standards-aligned, self-describing format that works across environments.
Foundation for Everything
The same format underpins Lattix sharing, encryption, data rooms, and AI governance.
What is Zero Trust Data Format (ZTDF)?
Zero Trust Data Format is a self-protecting data format that wraps each object in its own encryption keys and access policy. Because protection is part of the object, it travels with the data wherever it goes, requires fresh policy evaluation on every access, and remains revocable after sharing.
How is ZTDF different from regular encryption?
Regular encryption protects data at rest or in transit but typically yields plaintext once decrypted at a boundary. ZTDF keeps the policy and keys bound to the object so access is evaluated on every open, control persists after data leaves your environment, and access can be revoked at any time.
Can ZTDF-protected data be revoked after it's shared?
Yes. Because access depends on policy and keys bound to the object, you can revoke or re-scope access at any time, including after the data has been shared, copied, or downloaded.
How does Lattix use ZTDF?
ZTDF is the foundation of the Lattix platform. The same self-protecting format underpins the Trust Fabric, secure sharing with Passport, post-quantum encryption, data rooms, and AI data governance.