Zero trust

Trust is continuously earned based on factors, such as identity, context and activity

About zero trust

Zero trust is a security architecture centered on the concept that organisations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access.

  • Zero trust assumes that individuals, devices and networks are not trusted. Trust is continuously earned through verifying factors, such as identity, context and activity

  • Zero trust draws on technologies such as multifactor authentication (MFA), Identity and Access management (IAM), orchestration, analytics, encryption, scoring and file system permissions

  • Zero trust also calls for governance policies such as giving users the least amount of access they need to accomplish a specific task

  • the Zero trust system adapts in real time, continually verifying whether to grant or restrict access

Implementing zero trust

Implementing zero trust architecture, though, can be a significant technical and infrastructural shift in the way technology supporting an organisation is designed, which can present challenges for adoption.

Some ways that organisations can make some shifts are to:

  • factor zero trust principles into the organisation’s digital roadmap

  • ask the supplier if they’re zero trust ready when investing in an IT solution

  • talk to current suppliers or internal teams about how they might start adopting a zero trust philosophy

What are the benefits?

Zero Trust offers significant benefits in terms of:

  • mobility
  • remote working
  • resilience
  • security

Related links