Zero trust is a cybersecurity concept built on the principle of Never Trust, Always Verify: every user and device must be strictly authenticated and authorised as they access resources, and on an ongoing basis. Importantly, the concept also assumes the network contains hostile actors, a stance sometimes termed Assume Breach.

Zero trust as a concept differs from the previous security paradigm of securing the perimeter, or maintaining high castle walls.

The term zero trust originated in 2010 with John Kindervag. It came as a fully-formed concept: we need to give up on the idea of trusted networks.

Traditional production and corporate networks have a notion of perimeter security: the big bad world is outside, and inside is a safer space with lax rules.

Tailscale's 2019 introduction to Zero Trust
