With so many definitions of 'Zero Trust' out there, it's often unclear what it references. What do you think Zero Trust means? What does it encompass?

125 views
25 comments
1 upvotes
Green Server
IT, Health Care and Social Assistance
The latest NIST guidance on implementing a Zero Trust Architecture (ZTA) suggests that the number one priority in migrating to a ZTA is the implementation of an enterprise Identity Access Management architecture that provides the ability to enforce policy rules at every step of the authentication process. Cloud providers do a good job providing services to implement ZTA. However, most organizations will likely be stuck in a hybrid security architecture encompassing both cloud and legacy infrastructure. The likely challenge for most organizations will be to apply ZTA processes in the cloud workflow architecture as applications migrate from server-based processes to cloud workflows.
1 upvotes
Black Server
IT, Professional Services
Without searching for the term on the internet, my impression is that it is similar to the concept of least privilege where it's assumed by default that a user should not have access to anything and only with business justification can access be granted to anything and then only that thing is allowed.
0 upvotes
Pink Server
IT, Professional Services
Maintaining strict control starting with no access even to inside folks and then providing access as necessary and required
1 upvotes
Blue Charger
IT, Software
I like to start with this simple statement: "Assume that you have no/zero security perimeter, how do you ensure that all attack vectors are protected?" From that, one architects and implements the correct set of solutions and technologies that results in what is now the ZTA buzzword/acronym.
1 upvotes
Orange Processor
IT, Government
It is like verify then trust. A lot of companies go with two-factor or multi-factor authentication to control access. Almost every bank and financial company implements two-factor authentication.
0 upvotes
Green Hard Drive
IT, Finance, Banking & Insurance
To me it is just a new way of saying “least privileged access”. You start with the assumption that no access is assumed and only build trust as access is authorized.
1 upvotes
Green Processor
IT, Manufacturing
Like many other security terms these days, it's just regurgitating old security principles and giving them new names. Zero Trust = only those who are supposed to get access... well... get access.
0 upvotes
Blue Terminal
Engineering, Educational Services
In its most simplistic form Zero Trust means everything must verify prior to it connecting to the network.
1 upvotes
Pink Monitor
Engineering, Software
It means you have zero trust and always verify any access. Any access by a user must be verified using one or more means by which you have faith in the authenticity of the verification method and also control over it. E.g., if you use G-Suite you could force users to authenticate against their G-Suite account for access and you can control that level of access from none to root depending on the account. You can use more than one factor and also tune the validity periods etc. When it comes down to it, you have zero trust that the person is who they say they are and enforce proof every time.
0 upvotes
Orange Terminal
IT, Software
In its simplest form, no one is trusted by default, and validation is required for anyone wanting to access services within the network.
0 upvotes
Blue USB Stick
IT, Biotech and Scientific R&D
To me it refers to a multitude of layered security principles.
- assume internal and external threats in the overall architecture
- segmentation data and specific access rules
- principle of lowest privilege
- validation of endpoints
- real-time monitoring of activity/traffic
1 upvotes
Blue Hard Drive
IT, Software
For us, zero trust means that we do not allow access to resources unless we have verified the human and the device that is initiating the connection. One layer is identity of the person, the next is identity of the device. Without both being known and verified, access to corporate resources is denied. And the access to resources is more granular - on the network side you don't connect to the VPN and get access to everything within, you connect specifically to the application you need access to.
0 upvotes
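The decision the comment above describes (verified person, verified device, access granted per application rather than per network), as an added example that is not part of the original post or any vendor's code. The key, device inventory and grant table are constructed, and the HMAC-signed assertion is an assumed stand-in for whatever the identity provider actually issues.

```python
import hashlib
import hmac
import time

# All names, keys and inventory entries below are constructed for illustration.
IDP_KEY = b"demo-idp-signing-key"  # stands in for the identity provider's key
DEVICES = {"laptop-042": {"owner": "alice", "compliant": True},
           "laptop-077": {"owner": "bob", "compliant": False}}
GRANTS = {"alice": {"payroll"}, "bob": {"wiki"}}  # per application, not per network


def sign(user, device, expires):
    """Issue a short-lived assertion binding a user to a device (IdP side)."""
    msg = f"{user}|{device}|{expires}".encode()
    return hmac.new(IDP_KEY, msg, hashlib.sha256).hexdigest()


def decide(user, device, expires, sig, app, now=None):
    """Return (allowed, reason). Every check must pass; anything else is a deny."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(sign(user, device, expires), sig):
        return False, "identity assertion not verified"
    if now >= expires:
        return False, "assertion expired"
    dev = DEVICES.get(device)
    if dev is None or dev["owner"] != user:
        return False, "device unknown or not bound to user"
    if not dev["compliant"]:
        return False, "device failed posture check"
    if app not in GRANTS.get(user, set()):
        return False, "no grant for this application"
    return True, "user, device and application grant verified"


if __name__ == "__main__":
    t = 1_700_000_000          # fixed clock so the run is repeatable
    exp = t + 300              # five-minute assertion lifetime
    requests = [("alice", "laptop-042", "payroll"),   # all three checks pass
                ("alice", "laptop-042", "wiki"),      # valid user/device, no grant
                ("bob", "laptop-077", "wiki"),        # granted app, unhealthy device
                ("alice", "laptop-999", "payroll")]   # device not in inventory
    for user, device, app in requests:
        sig = sign(user, device, exp)
        print(user, device, app, decide(user, device, exp, sig, app, now=t))
```

The reason string is what a defender would log per request, so denied attempts from known users on unknown or non-compliant devices can be reviewed.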
Green Terminal
IT, Software
Verify and then Trust linked to user identity when we no longer have datacenter boundaries.
0 upvotes
Blue USB Stick
IT, Transportation and Warehousing
What I understand from Zero Trust is that any user will have to show their credentials regardless of the user role they have.
0 upvotes
Orange Hard Drive
IT, Hardware
I think of it as validate all network interactions - not just people.
1 upvotes
Pink Monitor
Engineering, Software
Zero Trust is the practice of shifting access control from the network perimeter to the assets, individuals, and the respective endpoints. For GitLab, Zero Trust means that all users and devices trying to access an endpoint or asset within our GitLab environment will need to authenticate and be authorized. You can read more on our blog: https://about.gitlab.com/blog/2019/10/02/zero-trust-at-gitlab-implementation-challenges/
0 upvotes
Red Server
IT, Hospitality
MFA enforcement
1 upvotes
Orange Processor
IT, Educational Services
At its most basic, I think it means that when gaining access to a network, you (your device) do not gain access to its resources unless you can prove you are part of a group that has the appropriate permissions. This is the opposite of finding an open network port in an office, plugging in, and surfing away. It assumes worst intentions unless otherwise is found to be true.
0 upvotes
Green Server
IT, Health Care and Social Assistance
Zero Trust means that I can use a broadband circuit and not have to rely on VPN or other proprietary circuits like MPLS.
0 upvotes
Black Charger
IT, Educational Services
Very simply, that you don't trust anyone. Least access granted in all cases across the board.
1 upvotes
Red Server
Engineering, Educational Services
Zero trust means that until you can verify, there is no access to or availability of resources.
1 upvotes
Blue Hard Drive
Engineering, Software
ZTA refers to building Identity and Access Management (IAM) in the system, which allows classifying users based on their roles, policies, and permissions. This has been seamlessly implemented by infrastructure providers and we should be considering those implementations as the example when we wish to implement the IAM across our systems, including internal as well as external.
0 upvotes
Blue USB Stick
Engineering, Hardware
Zero Trust to me means no one or no equipment is trusted whether inside or outside your environment, so every device has to be authenticated. So, you need technology that enables you to enforce policy rules and authentication.
1 upvotes
Pink Charger
Engineering, Software
Zero trust in practice is that there is by default no access and on a per-task basis trust is granted to the level that is needed to complete that task.
0 upvotes
Yellow Cloud
IT, Educational Services
Starting with zero access and stepping back from there as access/privilege is warranted, bit by bit.
1 upvotes