Zero Trust Architecture

What is meant by zero trust architecture?

Zero Trust Architecture (ZTA) is a cybersecurity framework that requires all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

What are the three main concepts of zero trust?

The three main concepts of Zero Trust are:

  1. Verify Explicitly: Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
  2. Use Least Privilege Access: Give users only the access they need to accomplish their tasks, and limit lateral movement within the network by segmenting access by network, user, device, and application.
  3. Assume Breach: Operate under the assumption that a breach has occurred or will occur, thus minimizing the impact and preparing for a rapid response.

What is the zero trust architecture requirement?

The fundamental requirement of Zero Trust Architecture is to implement robust identity verification, validate device compliance before access, and ensure data and resources are accessed securely with the least privilege. This requires a combination of technology solutions, strict policies, and ongoing monitoring to verify trust before granting access and to maintain that trust level.
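The three concepts and the requirement above describe a policy decision made on every request: prove the identity, check the device, grant only the explicitly permitted action, and treat anomalous sessions as compromised. The following is an added example, not code from the glossary or from any vendor product, of a minimal policy decision point that combines those signals. Every field name, the resource policy table, the classification levels and the authentication-age thresholds are constructed assumptions for illustration; a real deployment would source them from its identity provider, device management and data-classification systems.

```python
"""Minimal Zero Trust policy decision point for a single access request.

Added example (not from the glossary page). Field names, the policy table
and the thresholds below are constructed assumptions for illustration only.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    STEP_UP = "step_up"  # identity is fine but must be re-proven (fresh MFA) first


@dataclass(frozen=True)
class AccessRequest:
    """Signals evaluated on every request; none of them is trusted implicitly."""
    user: str
    roles: frozenset
    mfa_verified: bool
    auth_time: datetime        # when the session last completed authentication
    device_compliant: bool     # endpoint passes posture checks (patched, EDR running)
    device_managed: bool       # enrolled in the organisation's device management
    anomalies: frozenset = field(default_factory=frozenset)  # detections on this session


# Constructed policy table: resource -> (data classification, {action: required role}).
RESOURCE_POLICY = {
    "wiki": ("internal", {"read": "employee"}),
    "crm": ("confidential", {"read": "sales", "write": "sales"}),
    "payroll-db": ("restricted", {"read": "finance", "write": "finance-admin"}),
}

# Constructed thresholds: the more sensitive the data, the fresher the proof of identity.
MAX_AUTH_AGE = {
    "public": timedelta(hours=24),
    "internal": timedelta(hours=8),
    "confidential": timedelta(hours=1),
    "restricted": timedelta(minutes=15),
}


def evaluate(req: AccessRequest, resource: str, action: str, now: datetime):
    """Return (Decision, reasons). The default is DENY; an ALLOW must earn every check."""
    reasons = []
    policy = RESOURCE_POLICY.get(resource)
    if policy is None:
        return Decision.DENY, ["unknown resource: no implicit access"]
    classification, actions = policy

    # Least privilege: the action must be explicitly granted to a role the user holds.
    required_role = actions.get(action)
    if required_role is None or required_role not in req.roles:
        reasons.append(f"role for '{action}' on '{resource}' not held")

    # Verify explicitly: identity must be MFA-backed and proven recently enough.
    if not req.mfa_verified:
        reasons.append("MFA not verified")
    stale = now - req.auth_time > MAX_AUTH_AGE[classification]

    # Device posture: non-public data needs a compliant device; restricted data a managed one.
    if classification != "public" and not req.device_compliant:
        reasons.append("device not compliant")
    if classification == "restricted" and not req.device_managed:
        reasons.append("restricted data requires a managed device")

    # Assume breach: a session carrying anomalies is denied rather than trusted on history.
    if req.anomalies:
        reasons.append("session anomalies: " + ", ".join(sorted(req.anomalies)))

    if reasons:
        return Decision.DENY, reasons
    if stale:
        return Decision.STEP_UP, [f"authentication older than {MAX_AUTH_AGE[classification]}"]
    return Decision.ALLOW, ["all checks passed"]


# Constructed reference time and sample requests that exercise each check.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)


def sample_cases():
    """Name -> (request, resource, action), all constructed for the demo."""
    ok = dict(mfa_verified=True, device_compliant=True, device_managed=True)
    return {
        "sales_reads_crm": (AccessRequest("alice", frozenset({"sales"}), auth_time=NOW - timedelta(minutes=10), **ok), "crm", "read"),
        "sales_writes_payroll": (AccessRequest("alice", frozenset({"sales"}), auth_time=NOW - timedelta(minutes=10), **ok), "payroll-db", "write"),
        "stale_session_confidential": (AccessRequest("bob", frozenset({"sales"}), auth_time=NOW - timedelta(hours=2), **ok), "crm", "read"),
        "noncompliant_device": (AccessRequest("carol", frozenset({"employee"}), True, NOW - timedelta(hours=1), False, True), "wiki", "read"),
        "finance_unmanaged_device": (AccessRequest("dave", frozenset({"finance"}), True, NOW - timedelta(minutes=5), True, False), "payroll-db", "read"),
        "anomalous_session": (AccessRequest("eve", frozenset({"finance"}), auth_time=NOW - timedelta(minutes=5), anomalies=frozenset({"impossible_travel"}), **ok), "payroll-db", "read"),
    }


def run_samples():
    """Evaluate every sample case; returns name -> (Decision, reasons)."""
    return {name: evaluate(req, res, act, NOW) for name, (req, res, act) in sample_cases().items()}


if __name__ == "__main__":
    for name, (decision, reasons) in run_samples().items():
        print(f"{name:28s} {decision.value:8s} {'; '.join(reasons)}")
```

Two design choices carry the Zero Trust intent: the engine starts from an empty reasons list and denies if anything at all was added, so an unlisted resource or action can never be allowed by omission, and a clean but stale session returns STEP_UP rather than ALLOW, which is how "continuously validated" is enforced without forcing a fresh login on every low-sensitivity request.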

What are the 5 pillars of zero trust?

The five pillars of Zero Trust, as identified by the National Institute of Standards and Technology (NIST), are:

  • Identity: Verifying who is requesting access to ensure they are who they claim to be.
  • Device: Ensuring the security posture of the device before it can access network resources.
  • Network: Segmenting the network to prevent lateral movement and enforcing policy-based security perimeters.
  • Application: Controlling access to applications and associated data.
  • Data: Classifying, encrypting, and monitoring data to protect it both at rest and in transit.