Definition: Zero trust is a cybersecurity strategy and framework for cloud and mobile security that emphasizes that, by default, no user or application should be trusted. In a zero trust architecture, all users, whether inside or outside the organization's network, must be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
Zero Trust explained
A fundamental zero trust principle is least-privileged access control combined with strict user authentication. Trust should be established contextually, with policy checks at each stage (e.g., user identity and location, the security posture of the endpoint, the application or service being requested). Zero trust is based on the premise that there is no such thing as a traditional network edge and that networks can be local, in the cloud, hybrid, or a combination of both, with people and resources spread around the globe.
The Zero Trust architecture assumes that there are attackers both within and outside the network, hence no users or machines should be automatically trusted. Zero Trust authenticates user identities and privileges, as well as device identities and security. Once established, logins and connections time out on a regular basis, requiring users and devices to be constantly re-verified.
Zero Trust leverages technologies such as multi-factor authentication, IAM (Identity and Access Management), orchestration, analytics, encryption, scoring, and file system permissions to deliver this. Zero Trust also advocates for governance policies such as granting users the least amount of access necessary to accomplish a specific task.
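The per-request checks described above (identity, session age, endpoint posture, location, least-privilege grant) can be sketched as a default-deny policy decision function. This is an added illustration, not code from this page or from any product; the role names, the `ledger-api` resource, the 15-minute timeout and the country list are all assumed values.

```python
from dataclasses import dataclass, replace

SESSION_MAX_AGE_S = 900            # assumed re-verification interval (15 min)
ALLOWED_COUNTRIES = {"DE", "US"}   # assumed location policy
GRANTS = {                         # assumed least-privilege grants per role
    "finance-analyst": {("ledger-api", "read")},
    "finance-admin": {("ledger-api", "read"), ("ledger-api", "write")},
}

@dataclass(frozen=True)
class Request:
    role: str
    mfa_passed: bool
    device_compliant: bool
    country: str
    resource: str
    action: str
    auth_time: float        # epoch seconds of the last identity verification
    now: float              # epoch seconds of this request
    inside_network: bool    # recorded, but deliberately never consulted

def decide(req: Request) -> tuple[bool, str]:
    """Evaluate every request from scratch; anything not explicitly allowed is denied."""
    if not req.mfa_passed:
        return False, "identity not strongly authenticated"
    if req.now - req.auth_time > SESSION_MAX_AGE_S:
        return False, "session expired, re-verify"
    if not req.device_compliant:
        return False, "endpoint posture failed"
    if req.country not in ALLOWED_COUNTRIES:
        return False, "location outside policy"
    if (req.resource, req.action) not in GRANTS.get(req.role, set()):
        return False, "not granted (least privilege)"
    return True, "allowed"

# Constructed sample request: an analyst reading the ledger 5 minutes after login.
BASE = Request("finance-analyst", True, True, "DE", "ledger-api", "read",
               auth_time=1_000.0, now=1_300.0, inside_network=True)

def demo() -> dict:
    cases = {
        "baseline": BASE,
        "stale session": replace(BASE, now=2_000.0),
        "unpatched laptop": replace(BASE, device_compliant=False),
        "write attempt": replace(BASE, action="write"),
        "off network": replace(BASE, inside_network=False),
    }
    return {name: decide(req) for name, req in cases.items()}

if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:18} {'ALLOW' if ok else 'DENY':5} {reason}")
```

Network location appears in the request but never changes the outcome, which is the difference from a perimeter model: the "off network" case gets the same decision as the baseline.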
When the core principles of a Zero Trust model are followed, this stricter approach to security has been shown to prevent data breaches.
Utimaco provides a range of solutions and services that help set up zero trust architectures, even in decentralized and geographically distributed structures.