To understand Zero Trust architecture, first think about traditional security architecture: after someone signs in at work, they can access the entire corporate network. This approach protects only the organization’s perimeter and is tied to the physical office premises. It doesn’t support remote work, and it exposes the organization to risk because anyone who steals a password can access everything.
Instead of only guarding an organization’s perimeter, Zero Trust architecture protects each file, email, and network by authenticating every identity and device. (That’s why it’s also called “perimeterless security.”) Rather than just securing one network, Zero Trust architecture also helps secure remote access, personal devices, and third-party apps.
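The contrast between the two models, as an added sketch that is not part of the original page: a perimeter network checks a password once at sign-in, while a Zero Trust decision checks identity, device, and resource on every request. The user, device registry, resource list, and all function names are constructed assumptions for illustration.

```python
import hmac
from dataclasses import dataclass

# Constructed sample data, not from the page.
PASSWORDS = {"alice": "correct-horse"}        # stand-in for a real identity provider
ENROLLED_DEVICES = {"laptop-7f3a": "alice"}   # assumed device registry: device id -> owner
RESOURCE_ACL = {"payroll.xlsx": {"alice"}, "wiki": {"alice", "bob"}}

@dataclass(frozen=True)
class Request:
    user: str
    password: str
    device_id: str
    resource: str

def identity_ok(user, password):
    expected = PASSWORDS.get(user)
    # Unknown users fail outright; known users get a constant-time comparison.
    return expected is not None and hmac.compare_digest(expected, password)

class PerimeterNetwork:
    """Traditional model: one check at sign-in, then the whole network is open."""
    def __init__(self):
        self.signed_in = set()

    def sign_in(self, user, password):
        if identity_ok(user, password):
            self.signed_in.add(user)
        return user in self.signed_in

    def access(self, user, resource):
        return user in self.signed_in  # device and resource are never consulted

def zero_trust_access(req):
    """Per-request decision: identity, device and resource are each checked."""
    if not identity_ok(req.user, req.password):
        return False, "identity"
    if ENROLLED_DEVICES.get(req.device_id) != req.user:
        return False, "device"
    if req.user not in RESOURCE_ACL.get(req.resource, set()):
        return False, "resource"
    return True, "ok"

def stolen_password_scenario():
    """A valid password presented from a device that was never enrolled."""
    net = PerimeterNetwork()
    net.sign_in("alice", "correct-horse")
    perimeter = [r for r in RESOURCE_ACL if net.access("alice", r)]
    zero_trust = [r for r in RESOURCE_ACL if zero_trust_access(
        Request("alice", "correct-horse", "unknown-device", r))[0]]
    return perimeter, zero_trust
```

With only the password, the perimeter model exposes every resource, while the per-request model exposes none because the device check fails each time.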
The principles of Zero Trust are: