What Is Zero Trust Architecture and How Does It Work?

Mohamed Ahmed
Magalix
5 min read · Oct 27, 2021

Zero-trust is a security concept that champions the idea that you don’t automatically trust anything outside or within predefined perimeters. Instead, you must verify anything that attempts to connect to enterprise systems before granting access.

It’s a concept that addresses the threat of lateral movement. Within enterprise networks, you can mitigate this threat through micro-segmentation and granular perimeter enforcement. In other words, it reaffirms the idea that users should always have only the bare minimum access needed to complete their tasks.
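As an added illustration (not from the original article), the sketch below compares how far a single compromised workload can reach when everything inside the network is implicitly trusted versus when a default-deny micro-segmentation allow-list is enforced. The workload names, IP addresses and allowed flows are constructed for the example.

```python
from collections import deque
import ipaddress

# Constructed inventory: workload name -> IP address (all values are made up).
WORKLOADS = {
    "web": "10.0.1.10",
    "api": "10.0.1.20",
    "billing": "10.0.2.10",
    "db": "10.0.2.20",
    "hr-portal": "10.0.3.10",
}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/16")

# Micro-segmentation allow-list: only the flows each workload actually needs.
ALLOWED_FLOWS = {("web", "api"), ("api", "db"), ("billing", "db")}


def is_internal(name):
    return ipaddress.ip_address(WORKLOADS[name]) in INTERNAL_NET


def perimeter_allows(src, dst):
    """Implicit trust: any internal source may reach any internal destination."""
    return src != dst and is_internal(src) and is_internal(dst)


def segmented_allows(src, dst):
    """Default deny: a flow passes only if it is explicitly listed."""
    return (src, dst) in ALLOWED_FLOWS


def blast_radius(start, allows):
    """Workloads reachable from `start` by chaining permitted flows (BFS)."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in WORKLOADS:
            if nxt not in seen and allows(cur, nxt):
                seen.add(nxt)
                queue.append(nxt)
    return sorted(seen - {start})


if __name__ == "__main__":
    for label, policy in (("perimeter", perimeter_allows), ("segmented", segmented_allows)):
        print(label, {w: blast_radius(w, policy) for w in WORKLOADS})
```

Running the same reachability check over a real flow inventory shows which workloads sit on a path to sensitive systems and which allow-list entries widen that path.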

The term was coined over a decade ago by former Forrester analyst John Kindervag. Recently, zero-trust has been getting renewed attention with the explosion of cloud-native apps, the proliferation of microservices and containerization, and the masses moving to the cloud.

Traditional Perimeter-Based Security

In a traditional perimeter-based security approach, companies could quickly define sub-perimeters within enterprise networks. We could do this by leveraging a specific set of controls based on the user, IP address, application traffic direction, and so on.

While this worked well in simple on-premises networks, it doesn’t cut it in cloud-native architecture. This is because applications are…

Mohamed Ahmed
Magalix

Magalix Co-Founder, dad, and learner @MohamedFAhmed