Zero Trust

CYBERSECURITY DICTIONARY

Zero Trust is an information security model based on the principle of maintaining strict access controls by not trusting anyone or any action by default, even those already inside the network perimeter. Each transaction is evaluated for need and risk.

Created in 2010 by John Kindervag (then a principal analyst at Forrester Research), the Zero Trust Network, or Zero Trust Architecture, model is centered on the belief that an organization should not automatically trust anything inside or outside its perimeters. Instead, it must verify anything and everything trying to connect to its environment before granting access, cutting off all access until the system knows who the user is: no access to IP addresses, machines, etc. until that user has been identified and authorized. This model combines network and application micro-segmentation with identity and access management platforms to verify access and authorization, which allows for more granular access control and machine- or application-specific policies.

This mindset is the antithesis of a hardened perimeter followed by unfettered internal access. The old way of thinking (the ivory tower and gatekeeper mentality) had organizations focused on perimeter defense while assuming that everything inside the tower posed no threat and had permission. The approach has shifted because the tower no longer exists in isolation as it used to. Organizations no longer have corporate data centers serving a contained network of systems. Instead, the environment is a mix of on-premises and cloud, with users (employees, customers and partners) accessing all types of applications from various devices in multiple locations around the globe.

The Zero Trust approach relies on several technologies and governance, including micro-segmentation and user-based granular perimeter enforcement (using location and other data), to determine whether to trust a user, machine or application seeking access to a particular part of the enterprise. For example: Who is Joe? Is it really him? What endpoint is he coming from, and is it secure? Should there be a rule around this access? Do we need to create a conditional policy around access to certain information? To answer these questions, Zero Trust employs multifactor authentication, IAM, orchestration, analytics, encryption, scoring and file system permissions. It also calls for governance policies such as giving users the least amount of access they need to accomplish a specific task.
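The questions above can be read as a default-deny policy decision made on every request. The following sketch is an added example, not code from this dictionary entry or from any product; the users, resources, thresholds and field names are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy data (hypothetical names). Least privilege: each
# (user, resource) pair lists only the actions that user needs.
GRANTS = {("joe", "payroll-db"): {"read"}, ("joe", "wiki"): {"read", "write"}}
# Conditional policy per resource: stricter conditions for sensitive data.
CONDITIONS = {
    "payroll-db": {"require_mfa": True, "allowed_countries": {"US"}, "max_risk": 30},
    "wiki": {"require_mfa": False, "allowed_countries": {"US", "CA", "GB"}, "max_risk": 60},
}

@dataclass(frozen=True)
class Request:
    user: Optional[str]        # None means identity was not established
    mfa_passed: bool           # "Is it really him?"
    device_compliant: bool     # "What endpoint is he coming from, is it secure?"
    country: str               # location data used for perimeter enforcement
    risk_score: int            # 0-100, assumed to come from analytics/scoring
    resource: str
    action: str
    source_internal: bool = False  # recorded only; never used to grant trust

def decide(req: Request) -> tuple:
    """Evaluate one request. Returns (allowed, reason); the default is deny."""
    if req.user is None:
        return False, "identity not verified"
    cond = CONDITIONS.get(req.resource)
    if cond is None:
        return False, "no policy for resource"
    if req.action not in GRANTS.get((req.user, req.resource), set()):
        return False, "action not granted (least privilege)"
    if cond["require_mfa"] and not req.mfa_passed:
        return False, "MFA required"
    if not req.device_compliant:
        return False, "endpoint not compliant"
    if req.country not in cond["allowed_countries"]:
        return False, "location not permitted"
    if req.risk_score > cond["max_risk"]:
        return False, "risk score too high"
    return True, "allowed"

if __name__ == "__main__":
    # Same user, same resource: being inside the network changes nothing.
    inside_no_mfa = Request("joe", False, True, "US", 10, "payroll-db", "read", True)
    verified = Request("joe", True, True, "US", 10, "payroll-db", "read")
    for r in (inside_no_mfa, verified):
        print(r.resource, r.action, decide(r))
```

Note that `source_internal` is never consulted by `decide`: a request from inside the perimeter is held to the same checks as one from outside.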
