Zero Trust

Zero Trust is a security concept in which every user and every network device is considered untrustworthy until verified and authenticated.

The term “zero trust” was coined in 2010 by John Kindervag, then an analyst at Forrester Research. Kindervag developed the concept in response to traditional perimeter-based security, in which anything inside the network boundary was treated as trustworthy by default. Under zero trust, by contrast, every access attempt is considered potentially hostile and must be authenticated and authorized on its own merits, regardless of where on the network it originates.

Establish and enforce security policies

Zero trust requires IT admins to establish and manage the necessary security policies and the identity and access management mechanisms that enforce them. This includes, but is not limited to, requiring multifactor authentication (MFA), defining roles and permissions, keeping security policies up to date, and conducting regular reviews and audits.

One established method is segmentation: dividing a network into distinct logical areas, such as a specific group of devices or users. Microsegmentation goes one step further by placing individual workloads, applications or types of network traffic into separate, isolated segments. Segmentation makes it easier to manage traffic, enforce security policies and reduce the attack surface, because a request from one segment can only reach the resources that segment is explicitly allowed to reach.
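The following is an added example, not code from the original entry or from any product: a minimal policy decision point that applies the policy checks described above (identity, MFA, role, device posture) together with a microsegmentation rule. The policy table, resource names, segment names and request data are constructed for illustration. The point it makes is that a request arriving from the corporate LAN gets no special treatment: it is denied by default unless every check passes.

```python
"""Added example: a minimal zero-trust policy decision point (PDP).

Every request is denied unless identity, MFA, device posture, role and the
(micro)segment it originates from all satisfy the resource's policy. Network
location alone never grants access. Policies and requests are constructed
sample data, not taken from any real deployment.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AccessRequest:
    subject: Optional[str]    # authenticated identity, None if unauthenticated
    mfa_verified: bool        # MFA completed for this session
    roles: frozenset          # roles granted to the subject
    device_compliant: bool    # endpoint passed its posture check
    src_segment: str          # (micro)segment the request arrives from
    resource: str
    action: str


@dataclass(frozen=True)
class ResourcePolicy:
    allowed_roles: frozenset
    allowed_segments: frozenset   # microsegmentation: which segments may reach it
    actions: frozenset
    require_mfa: bool = True
    require_compliant_device: bool = True


# Constructed sample policy (hypothetical resource and segment names):
# the payments database is reachable only from the payments application
# segment; the wiki is reachable from any segment, but still only for
# authenticated, MFA-verified users holding a permitted role.
POLICIES = {
    "payments-db": ResourcePolicy(
        allowed_roles=frozenset({"payments-svc"}),
        allowed_segments=frozenset({"seg-payments-app"}),
        actions=frozenset({"read", "write"}),
    ),
    "wiki": ResourcePolicy(
        allowed_roles=frozenset({"employee", "contractor"}),
        allowed_segments=frozenset({"*"}),
        actions=frozenset({"read"}),
        require_compliant_device=False,
    ),
}


def evaluate(req: AccessRequest, policies=POLICIES):
    """Return (allowed, reason). Default deny: an unknown resource, a missing
    identity or any single failed check results in denial."""
    policy = policies.get(req.resource)
    if policy is None:
        return False, "no policy for resource"
    if req.subject is None:
        return False, "unauthenticated"
    if policy.require_mfa and not req.mfa_verified:
        return False, "mfa required"
    if policy.require_compliant_device and not req.device_compliant:
        return False, "device not compliant"
    if "*" not in policy.allowed_segments and req.src_segment not in policy.allowed_segments:
        return False, f"segment {req.src_segment} may not reach {req.resource}"
    if not (req.roles & policy.allowed_roles):
        return False, "role not permitted"
    if req.action not in policy.actions:
        return False, f"action {req.action} not permitted"
    return True, "all checks passed"


# Constructed sample requests. Being "inside" (seg-corp-lan) helps nobody.
SAMPLE_REQUESTS = {
    "lan_user_to_db": AccessRequest("alice", True, frozenset({"employee"}),
                                    True, "seg-corp-lan", "payments-db", "read"),
    "service_to_db": AccessRequest("payments-svc", True, frozenset({"payments-svc"}),
                                   True, "seg-payments-app", "payments-db", "write"),
    "remote_user_to_wiki": AccessRequest("bob", True, frozenset({"contractor"}),
                                         False, "seg-internet", "wiki", "read"),
    "lan_user_no_mfa": AccessRequest("alice", False, frozenset({"employee"}),
                                     True, "seg-corp-lan", "wiki", "read"),
}


def decide_all():
    """Evaluate every sample request; returns {name: (allowed, reason)}."""
    return {name: evaluate(req) for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in decide_all().items():
        print(f"{name:22s} {'ALLOW' if allowed else 'DENY ':5s} {reason}")
```

Note the ordering of checks: the segment rule is evaluated before the role rule, so a correctly-credentialed user in the wrong segment is still refused, which is the practical effect of microsegmentation. A real deployment would source the subject, MFA state and device posture from the identity provider and endpoint management system rather than from request fields.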

IT admins often use identity and access management tools to manage identities, assign user roles and permissions, and control access to resources.