Zero Trust is an IT security model based on the principle “never trust, always verify”.
Increased use of the cloud, the proliferation of IoT technologies and the development of mobility and teleworking, together with the emergence of new cyber threats such as ransomware attacks, have made it more difficult to protect information systems.
The Zero Trust model proposes to overcome the limitations of traditional security measures, such as firewalls and VPNs, by placing the verification of user, device and application identity at the heart of access policies.
In this sense, it challenges the perimeter security model, in which entities, once connected to the organisation’s internal network, are considered trustworthy and can easily move around and access substantial resources.
Zero Trust reduces this implicit trust by means of regular, dynamic, granular checks and authentication procedures.
In this model, access is given based on the lowest level of privilege required for the task in question.
All access requests are monitored, regardless of their location (inside or outside the network), and contextualized.
Authorisations take into account attributes such as the identity and behaviour of the user, the sensitivity of the resources requested, and the access times.
Zero Trust is a new paradigm whose implementation relies on several technologies and processes such as identity and access management (IAM) software, multi-factor authentication, network micro-segmentation, security information and event management (SIEM) systems and user awareness.
In this age of distributed computing and mobile working, these tools help to protect an organisation’s resources, regardless of where they are being accessed from.