What is Zero Trust?
A ZT strategy refers not to a pre-determined product suite, but a shift in security mindset. ZT assumes all person and non-person users, whether inside or outside an organization’s network cannot be automatically trusted. They must be authenticated and authorized continually for all access requests. A ZT architecture applies to on-premises, cloud, and hybrid environments. Because ZT security assumes any actor can be a threat, it monitors all activity and limits user access to controlled segments of the network, ensuring that if malicious actors or malware get in, they won’t be able to jump from one system to another.
The DOD reference architecture enumerates five major tenets of ZT, which define the ZT mindset. These tenets drive the selection and implementation of new and updated security capabilities that organizations will need as they transition toward a ZT framework.