Zero Trust: Difference between revisions
Created page with "'''Zero Trust''' (ZT) is a set of cybersecurity paradigms that focuses on users, assets, and resources instead of static perimeters. Zero trust is a response to trends such as..." |
|||
| Line 2: | Line 2: | ||
==Principles== | ==Principles== | ||
# | # never trust, always verify. | ||
# | # No assumptions about assets or user accounts based solely on their physical or network location or asset ownership. | ||
# Protect resources (assets, services, workflows, and network accounts), not network segments. | |||
==History== | |||
Zero Trust was created by [[John Kindervag], while he was vice president and principal analyst at [[Forrester Research]].<ref>[https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture What is a Zero Trust Architecture, Palo Alto Networks]</ref> | |||
==Zero Trust Architecture== | ==Zero Trust Architecture== | ||
Revision as of 14:44, 10 August 2021
Zero Trust (ZT) is a set of cybersecurity paradigms that focuses on users, assets, and resources instead of static perimeters. Zero trust is a response to trends such as including remote users, bringing one's own device, and cloud-based assets not within an enterprise-owned network boundary. The network location is no longer the prime component of a resource's security.[1]
Principles
- never trust, always verify.
- No assumptions about assets or user accounts based solely on their physical or network location or asset ownership.
- Protect resources (assets, services, workflows, and network accounts), not network segments.
History
Zero Trust was created by [[John Kindervag], while he was vice president and principal analyst at Forrester Research.[2]
Zero Trust Architecture
Zero Trust Architecture (ZTA) uses zero trust principles to guide industrial and enterprise infrastructure and workflow. Authentication and authorization are discrete functions performed before a session to an enterprise resource is established.