Zero Trust
Zero trust is a security model that grants no implicit trust and verifies every access request continuously, regardless of network location.
Zero trust is a security model built on the principle "never trust, always verify." It rejects the traditional perimeter model, which trusted anything inside the corporate network. Instead, every request to a resource is authenticated, authorized, and encrypted, no matter where it comes from.
How It Works
Zero trust treats every access attempt as if it originates from an untrusted network. Each request is evaluated against multiple signals: user identity, device health, location, and the sensitivity of the requested resource. Strong identity verification, often with multi-factor authentication, confirms who is asking. Policy engines then make a per-request access decision and grant the minimum access needed.
Key building blocks include strong identity and access management, device posture checks, micro-segmentation of the network, least-privilege access, and continuous monitoring. Sessions are short-lived and re-evaluated often. Encryption protects data in transit between every component, frequently using mutual TLS.
Why It Matters
Modern systems span cloud services, remote workers, and mobile devices, so a hard network perimeter no longer exists. A single compromised credential or device should not grant broad access. Zero trust limits lateral movement, so an attacker who breaches one component cannot freely reach others.
Regulators and frameworks such as NIST SP 800-207 now treat zero trust as a baseline expectation. Adopting it reduces the blast radius of breaches and improves visibility into who accesses what.
Zero trust is a journey, not a single product. Organizations adopt it incrementally, starting with critical applications and identities, then extending controls across the estate.
Related Terms
Zero trust relies on least privilege, defense in depth, and strong authentication such as multi-factor authentication. Mutual TLS and role-based access control are common implementation mechanisms.