WHAT IS ZERO TRUST?
Zero Trust is a strategic initiative and principle that helps organizations prevent data breaches and protect their assets by assuming no entity is trusted. Going beyond the “castle-and-moat” concept which had dominated traditional perimeter security, Zero Trust recognizes that when it comes to security, trust is a vulnerability. Traditional security considered all users trusted once inside a network—including threat actors and malicious insiders.
By eliminating the concept of a “safe” network, Zero Trust requires strict identity verification and moves the decision to authenticate and authorize closer to the resource. The identity of the user/device/service provides key context for the application of access policies. With Zero Trust, access rules are as granular as possible to enforce least privileges required to perform the requested action.