Zero trust is a cybersecurity principle that assumes a network is always under threat of attack, treating every identity as guilty until proven innocent.
A zero trust strategy involves fully authenticating and authorizing every request made by identities (users, devices, and applications) from inside or outside the company firewall, as though they could be malicious. It doesn’t matter what system or resource a user is trying to access or what permissions they have, zero trust takes nothing at face value and never automatically assumes a user is legitimate.
The principle, in short, is: “Never trust, always verify”.
Of course, not every identity or request is a threat to the system. But by always assuming the worst-case scenario, zero trust encourages a security-first mindset, which helps an organization reduce the attack surface of its network and better prepare its incident response measures.
Note: Zero trust is a security strategy – it’s not implemented via a single platform or application but through a collection of tools, behaviors, and best practices.
Why is zero trust important?
Employees today work remotely around the world, often using their own devices, and engage with various systems, applications, and endpoints across on-premises and cloud platforms.
This means that the traditional ‘us vs them’ mentality in cybersecurity – that a company firewall is safe from the threats lurking outside – is outdated. Attackers are now just as likely to come from within a company network, and their methods of impersonating users, moving laterally across systems, and stealing sensitive resources grow ever more sophisticated. A framework as strict as zero trust is necessary for creating a baseline level of security in such a dynamic and unpredictable environment.
The zero trust architecture
Zero trust revolves around three main principles:
1. Verify explicitly
It doesn’t matter who they say they are, what location they’re working from, or what they’re trying to access, every identity should be properly authenticated and authorized every time it tries to make a new connection. This verification should be based on all the information available, including the identity’s location, health, classification, and more.
2. Least privilege
Users should be given the bare minimum level of privileges necessary to do their job. This can be enforced with authentication tools like multi-factor authentication (MFA) and just-in-time access, as well as by auditing, isolating, and monitoring high-privilege sessions.
3. Assume breach
Always plan for the worst – that a user or request is trying to attack the network. This involves setting up risk-based adaptive policies and incident response plans, segmenting important access permissions and components, and using analytics to improve threat detection.
