Zero trust security model

From Wiki 4 Men
Jump to navigation Jump to search

The zero trust security model, also known as zero trust architecture (ZTA), zero trust network access (ZTNA), and perimeterless security describes an approach to the strategy, design and implementation of IT systems. The main concept behind the zero trust security model is "never trust, always verify", which means that users and devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified.

ZTA is implemented by establishing strong identity verification, validating device compliance prior to granting access, and ensuring least privilege access to only explicitly-authorized resources. Most modern corporate networks consist of many interconnected zones, cloud services and infrastructure, connections to remote and mobile environments, and connections to non-conventional IT, such as IoT devices.

The reasoning for zero trust is that the traditional approach – trusting users and devices within a notional "corporate perimeter", or users and devices connected via a VPN – is not sufficient in the complex environment of a corporate network. The zero trust approach advocates mutual authentication, including checking the identity and integrity of users and devices without respect to location, and providing access to applications and services based on the confidence of user and device identity and device health in combination with user authentication. The zero trust architecture has been proposed for use in specific areas such as supply chains.

The principles of zero trust can be applied to data access, and to the management of data. This brings about zero trust data security where every request to access the data needs to be authenticated dynamically and ensure least privileged access to resources. In order to determine if access can be granted, policies can be applied based on the attributes of the data, who the user is, and the type of environment using Attribute-Based Access Control (ABAC). This zero-trust data security approach can protect access to the data.

This article contains information imported from the English Wikipedia. In most cases the page history will have details. If you need information on the importation and have difficulty obtaining it please contact the site administrators.

Wikipedia shows a strong woke bias. Text copied over from Wikipedia can be corrected and improved.