The old proverb “trust but verify” was made famous by U.S. president Ronald Reagan in December 1987 after the signing of the Intermediate-Range Nuclear Forces (INF) Treaty with Mikhail Gorbachev. The phrase seems contradictory: if you trust someone, what is there to verify?
The actual principle of the treaty was “never trust, always verify,” which is also the guiding principle behind Zero Trust in cybersecurity. In a Zero Trust architecture, your network location is not a primary criterion for trust. Instead, every device, user, application, and network flow is considered a potential threat and therefore must be authenticated and authorized.
