That’s right it is a concept, and a framework; not a product, service or platform that some may have you believe. Zero Trust (ZT) as a concept was first proposed by Forrester Research as a Blue Print for Security Architecture.
The main premise of ZT is the internet has become more ubiquitous and we are constantly connected; the perimeter demarcation points have moved; trust is no longer inherent. The old castle and moat approach where a heavily guarded entrance (perimeter security) to validate access and then grant trust is no longer sufficient for today’s users, applications and networks that are perimeter less, hyper-connected and cannot be trusted. The Zero Trust approach and principals are to “never trust, always verify”
to be hostile.
on the network at all times.
deciding trust in a network.
flow is authenticated and
calculated from as many sources
of data as possible.
CyberCyte's Circle of Zero Trust,