Zero-Copy Data Access

An architecture pattern that allows data to be queried or consumed without moving it between systems. It reduces duplication and operational overhead, but it also means governance must travel with the data and the identities that access it, because the storage boundary is no longer the control boundary.

Expanded Definition

Zero-copy data access is an architecture pattern in which data is queried or consumed in place rather than duplicated into another system. In NHI security, the key distinction is that access decisions, logging, and policy enforcement must follow the identity and the data request, not assume the storage platform is the only control point. This is especially important when service accounts, API keys, and agents read across warehouses, lakes, and SaaS platforms.

In practice, the pattern overlaps with federation, virtualisation, and policy-based access, but it is not the same as simply “not moving files.” True zero-copy access requires durable governance over the requesting NHI, the scope of its entitlements, and the downstream systems that interpret the data. Standards-based identity and trust models such as OWASP Non-Human Identity Top 10 help frame the risks where machine access becomes the primary trust boundary.

The most common misapplication is treating zero-copy as a performance feature while leaving credentials, authorisation rules, and audit controls tied to the source system only, which occurs when multiple teams federate access without a unified policy model.

Examples and Use Cases

Implementing zero-copy data access rigorously often introduces tighter dependency on identity governance, requiring organisations to weigh lower duplication and faster analytics against more complex policy enforcement.

  • A data platform queries customer records in a source system through a governed connector, so analysts never export a duplicate dataset but still inherit row-level restrictions.
  • An AI agent reads operational telemetry from a warehouse and a ticketing system without copying records into a staging area, reducing sprawl while increasing the need for scoped service-account permissions.
  • A partner integration accesses regulated data through a virtualised layer, allowing controlled consumption while preserving source-of-truth residency requirements and audit trails.
  • A security team uses the pattern to minimise sensitive data replication during incident review, but it must ensure the access path is logged and that secrets are not embedded in code or pipelines.
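The governed-connector case in the first bullet comes down to a check made on every request and keyed on the requesting identity rather than on where the data is stored. The Python below is an added example, not NHIMG's or any vendor's code; the identities, dataset, and policy shape are constructed assumptions.

```python
# Added illustration: per-request policy enforcement for in-place reads.
# All identities, datasets and the policy shape are constructed assumptions.
from datetime import datetime, timezone

# Constructed source table; it stays in the source system and is never exported.
CUSTOMERS = [
    {"id": 1, "region": "EU", "email": "a@example.com", "tier": "gold"},
    {"id": 2, "region": "US", "email": "b@example.com", "tier": "basic"},
    {"id": 3, "region": "EU", "email": "c@example.com", "tier": "basic"},
]

# Policy is keyed by (requesting NHI, dataset), not by where the data is stored.
POLICY = {
    ("svc-analytics-eu", "customers"): {
        "row_filter": lambda r: r["region"] == "EU",
        "columns": {"id", "region", "tier"},  # email is never exposed
    },
}

AUDIT_LOG = []  # every decision is recorded, allow or deny


def read_in_place(identity, dataset, table):
    """Evaluate policy for this request; return only permitted rows and columns."""
    rule = POLICY.get((identity, dataset))
    event = {"ts": datetime.now(timezone.utc).isoformat(),
             "identity": identity, "dataset": dataset}
    if rule is None:  # default deny: no entitlement means no rows
        AUDIT_LOG.append({**event, "decision": "deny", "rows": 0})
        raise PermissionError(f"{identity} has no entitlement on {dataset}")
    rows = [{k: v for k, v in r.items() if k in rule["columns"]}
            for r in table if rule["row_filter"](r)]
    AUDIT_LOG.append({**event, "decision": "allow", "rows": len(rows)})
    return rows


if __name__ == "__main__":
    print(read_in_place("svc-analytics-eu", "customers", CUSTOMERS))
    try:
        read_in_place("agent-ticket-triage", "customers", CUSTOMERS)
    except PermissionError as exc:
        print("denied:", exc)
    print(AUDIT_LOG)
```

The denied request still produces an audit record, which is what lets a later review reconstruct the access path.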

NHIMG’s research highlights the operational pressure behind this model: only 5.7% of organisations have full visibility into their service accounts, a gap detailed in the Ultimate Guide to NHIs — Key Research and Survey Results. For implementation guidance, the pattern is often discussed alongside distributed access controls in NIST Privacy Framework-style governance models, even when the term itself is not standardised.

Another useful reference is the 52 NHI Breaches Analysis, which shows how weak machine identity control can undermine otherwise sound data architecture.

Why It Matters in NHI Security

Zero-copy data access matters because it removes the old assumption that copying data into a trusted enclave automatically creates a safer boundary. When the same service account can reach multiple systems, the real attack surface shifts to secret hygiene, entitlement scope, and the quality of authorization checks at each hop. If an agent or integration is over-privileged, the absence of data movement does not reduce blast radius.

NHIMG reports that 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, based on the Ultimate Guide to NHIs. That statistic is directly relevant here because zero-copy patterns often scale access faster than governance unless entitlement reviews, secret rotation, and tool-level logging are built in from the start. The governance model also needs to align with machine-identity guidance in the OWASP Non-Human Identity Top 10, especially where persistent credentials are used to broker access across systems.

Organisations typically encounter the consequences only after a data access review, incident response, or partner breach exposes how many systems a single NHI could reach, at which point addressing zero-copy data access becomes operationally unavoidable.
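An entitlement review can surface that reach before an incident does. The Python below is an added example, not part of the NHIMG material; the inventory, grants, access log, and the 90-day rotation threshold are constructed assumptions.

```python
# Added illustration: how far each NHI can reach versus what it actually uses.
from collections import defaultdict
from datetime import date

TODAY = date(2025, 1, 31)      # fixed so the result is reproducible
MAX_SECRET_AGE_DAYS = 90       # assumed rotation policy

# Constructed inventory: identity -> date its credential was last rotated.
INVENTORY = {"svc-etl": date(2024, 3, 1), "agent-ops": date(2025, 1, 10)}
# Constructed (identity, system, dataset) entitlements from every platform.
GRANTS = [
    ("svc-etl", "warehouse", "sales"), ("svc-etl", "warehouse", "hr"),
    ("svc-etl", "lake", "raw_events"), ("svc-etl", "crm", "contacts"),
    ("agent-ops", "warehouse", "telemetry"), ("agent-ops", "ticketing", "incidents"),
]
# Constructed (identity, system, dataset) reads seen in the review window.
ACCESS_LOG = [
    ("svc-etl", "warehouse", "sales"), ("svc-etl", "lake", "raw_events"),
    ("agent-ops", "warehouse", "telemetry"), ("agent-ops", "ticketing", "incidents"),
    ("svc-legacy", "crm", "contacts"),  # identity missing from the inventory
]


def review(inventory, grants, access_log, today=TODAY):
    """Return per-identity reach, unused grants, secret age and inventory gaps."""
    granted, used = defaultdict(set), defaultdict(set)
    for ident, system, dataset in grants:
        granted[ident].add((system, dataset))
    for ident, system, dataset in access_log:
        used[ident].add((system, dataset))
    report = {}
    for ident in sorted(set(granted) | set(used) | set(inventory)):
        rotated = inventory.get(ident)
        age = (today - rotated).days if rotated else None
        report[ident] = {
            "systems": sorted({s for s, _ in granted[ident]}),
            "unused": sorted(granted[ident] - used[ident]),
            "secret_age_days": age,
            "stale_secret": age is not None and age > MAX_SECRET_AGE_DAYS,
            "uninventoried": rotated is None,
        }
    return report


if __name__ == "__main__":
    for ident, row in review(INVENTORY, GRANTS, ACCESS_LOG).items():
        print(ident, row)
```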

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
| --- | --- | --- |
| OWASP Non-Human Identity Top 10 | NHI-02 | Zero-copy still depends on safe secret handling and machine identity governance. |
| NIST CSF 2.0 | PR.AC-4 | Access permissions must follow least-privilege principles across shared data paths. |
| NIST Zero Trust (SP 800-207) | AC-4 | Zero trust requires policy enforcement at each request, not trust in the data location. |

Inventory every NHI, rotate secrets, and limit access paths even when data is not duplicated.