The Old Perimeter Model
For years security meant a hard outer wall and a soft, trusted inside. Once inside the corporate network you were treated as friendly. That assumption fails when an attacker phishes one laptop or a contractor connects from a coffee shop: a single breach inside the wall allowed wide lateral movement.
What Zero Trust Means
Zero Trust assumes the network is already hostile and trusts nothing by default. Every request must prove who it is and whether it is allowed, no matter where it comes from.
- Verify explicitly using strong identity, device health, and context on each request.
- Least privilege grants only the access needed for the task and nothing more.
- Assume breach so you segment, log, and limit the blast radius of any one compromise.
How It Works In Practice
- Authenticate the user and the device before granting access to a resource.
- Apply policy at a policy enforcement point in front of each application.
- Re-evaluate trust continuously rather than once at login.
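The three steps above, as an added illustrative policy enforcement point written for this page (not code from any product): each request is checked for identity, device health, context and least-privilege permissions, and a short token lifetime forces continuous re-evaluation. The user names, permission table, token lifetime and allowed-country list are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# Constructed sample data: which principal may perform which action on
# which resource. This is the least-privilege grant table.
PERMISSIONS: Dict[str, Dict[str, Set[str]]] = {
    "alice": {"payroll-api": {"read"}},
    "bob":   {"payroll-api": {"read", "write"}},
}

MAX_TOKEN_AGE_S = 900            # assumption: re-verify at least every 15 minutes
ALLOWED_COUNTRIES = {"US", "DE"}  # assumption: context rule for this resource


@dataclass
class Request:
    user: str               # identity asserted by the request
    token_valid: bool       # True only if the signed token verified cleanly
    token_age_s: int        # seconds since the token was issued
    device_managed: bool    # device posture attested by an agent/MDM
    disk_encrypted: bool    # part of the device health check
    resource: str
    action: str
    source_country: str     # request context


def decide(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Every check runs on every request, and
    network location (inside/outside the corporate LAN) is never consulted."""
    # 1. Verify explicitly: identity must be proven, and recently.
    if not req.token_valid:
        return False, "identity not verified"
    if req.token_age_s > MAX_TOKEN_AGE_S:
        return False, "token stale; re-authentication required"
    # 2. Device health is part of the decision, not just the user.
    if not (req.device_managed and req.disk_encrypted):
        return False, "device health check failed"
    # 3. Context of the request.
    if req.source_country not in ALLOWED_COUNTRIES:
        return False, "request context outside policy"
    # 4. Least privilege: only the action granted for this resource.
    granted = PERMISSIONS.get(req.user, {}).get(req.resource, set())
    if req.action not in granted:
        return False, "least privilege: action not granted"
    return True, "allowed"
```

Because the decision is recomputed per request, a device that loses its managed state or a token that ages out is denied on the next call even though the earlier login succeeded.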
Key idea
Zero Trust removes implicit trust in the network location and verifies identity, device, and context on every single request.