Instead of believing that everything inside the organization’s firewall is safe, the Zero Trust model assumes breach and takes a “never trust, always verify” approach to access.
Every request, regardless of whether it originated internally or externally, is strongly authenticated, authorized, and inspected for anomalies. “Least privileged access” principles and micro-segmentation are applied to minimize lateral movement should a breach occur.
In a Zero Trust framework, all users and devices inside and outside the organization perimeter seeking access are verified in real time.
Every access request is authenticated and authorized based on a multitude of available data points, including user identity, location, device information, data classification, and anomalies.
These access policies must strike the proper balance to keep the organization safe yet functional.
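The per-request decision described above can be sketched as a small policy function. This is an added example, not code from the original page or from any product; the class name, thresholds, country list and classification levels are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy values for illustration only.
CLEARANCE = {"public": 0, "internal": 1, "confidential": 2}
ALLOWED_COUNTRIES = {"US", "DE"}
ANOMALY_STEP_UP = 0.5   # at or above this, require re-authentication
ANOMALY_DENY = 0.8      # at or above this, refuse outright


@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_verified: bool        # identity: strong authentication completed
    user_clearance: str       # identity: highest classification the user may read
    country: str              # location
    device_compliant: bool    # device: managed and patched
    data_classification: str  # classification of the requested resource
    anomaly_score: float      # 0.0 (normal) to 1.0 (highly unusual)
    on_corporate_network: bool = False  # recorded, but never used as a trust signal


def decide(req: AccessRequest) -> tuple:
    """Return (decision, reason); decision is 'allow', 'step_up' or 'deny'."""
    # Unknown labels fail closed instead of mapping to a permissive level.
    if req.data_classification not in CLEARANCE or req.user_clearance not in CLEARANCE:
        return "deny", "unknown classification"
    if req.anomaly_score >= ANOMALY_DENY:
        return "deny", "anomalous request"
    if not req.mfa_verified:
        return "step_up", "strong authentication required"
    # Least privilege: the user's clearance must cover the data's classification.
    if CLEARANCE[req.user_clearance] < CLEARANCE[req.data_classification]:
        return "deny", "insufficient clearance"
    sensitive = CLEARANCE[req.data_classification] >= CLEARANCE["internal"]
    if sensitive and not req.device_compliant:
        return "deny", "non-compliant device"
    if sensitive and req.country not in ALLOWED_COUNTRIES:
        return "deny", "location not permitted"
    if req.anomaly_score >= ANOMALY_STEP_UP:
        return "step_up", "unusual behaviour, re-authenticate"
    return "allow", "all signals satisfied"
```

Note that `on_corporate_network` is deliberately ignored by `decide`: a request from inside the perimeter is evaluated against the same signals as one from outside.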