
ZERO TRUST NETWORK

Zero Trust Architecture (ZTA) is a security strategy that requires verification of users and devices before granting access, regardless of their network location. It emphasizes mutual authentication and least privilege access, adapting to complex corporate environments that include various interconnected zones and IoT devices. ZTA principles can also enhance data security by dynamically authenticating access requests based on user attributes and environmental factors.

Uploaded by

prajyot.1992
Copyright
© All Rights Reserved

Zero trust architecture (ZTA) or perimeterless security is a design and implementation strategy of IT systems. The principle is that users and devices should not be trusted by default, even if they are connected to a privileged network such as a corporate LAN and even if they were previously verified.

ZTA is implemented by establishing identity verification, validating device compliance prior to granting access, and ensuring least privilege access to only explicitly-authorized resources. Most modern corporate networks consist of many interconnected zones, cloud services and infrastructure, connections to remote and mobile environments, and connections to non-conventional IT, such as IoT devices.

The traditional approach of trusting users and devices within a notional "corporate perimeter" or via a VPN connection is commonly not sufficient in the complex environment of a corporate network. The zero trust approach advocates mutual authentication, including checking the identity and integrity of users and devices without respect to location, and providing access to applications and services based on the confidence of user and device identity and device status in combination with user authentication.[1] Zero trust architecture has been proposed for use in specific areas such as supply chains.[2][3]

The principles of zero trust can be applied to data access and to the management of data. This brings about zero trust data security, where every request to access the data needs to be authenticated dynamically and must be granted only least-privilege access to resources. In order to determine if access can be granted, policies can be applied based on the attributes of the data, who the user is, and the type of environment, using Attribute-Based Access Control (ABAC). This zero trust data security approach can protect access to the data.[4]
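
A minimal ABAC decision function for the zero trust data access described above, as an added example that is not part of the original document. The attribute names, classification labels and the two allow rules are assumptions made for illustration.

```python
from dataclasses import dataclass

# All attribute names, labels and rules here are constructed for illustration.
CLEARANCE = {"public": 0, "internal": 1, "restricted": 2}

@dataclass(frozen=True)
class Request:
    user: dict    # who the user is: department, role, clearance, mfa_verified
    data: dict    # attributes of the data: classification, owner_dept
    env: dict     # environment: device_compliant, network
    action: str

def rule_read_own_department(r):
    # Unknown labels fail closed: a missing clearance ranks below every
    # classification, a missing classification ranks above every clearance.
    return (r.action == "read"
            and r.user.get("department") == r.data.get("owner_dept")
            and CLEARANCE.get(r.user.get("clearance"), -1)
                >= CLEARANCE.get(r.data.get("classification"), 99))

def rule_write_by_steward(r):
    return (r.action == "write"
            and r.user.get("role") == "data-steward"
            and r.user.get("department") == r.data.get("owner_dept"))

ALLOW_RULES = [rule_read_own_department, rule_write_by_steward]

def decide(r):
    """Evaluate one request and return (allowed, reason). Default is deny."""
    # Checked on every request; env["network"] is never used to grant trust.
    if not r.user.get("mfa_verified"):
        return False, "user not strongly authenticated"
    if not r.env.get("device_compliant"):
        return False, "device failed compliance check"
    for rule in ALLOW_RULES:
        if rule(r):
            return True, rule.__name__
    return False, "no rule explicitly authorizes this request"

if __name__ == "__main__":
    # Constructed requests: same user and data, different device state and network.
    user = {"department": "finance", "clearance": "internal", "mfa_verified": True}
    doc = {"classification": "internal", "owner_dept": "finance"}
    for env in ({"device_compliant": True, "network": "home"},
                {"device_compliant": False, "network": "corporate-lan"}):
        print(env["network"], decide(Request(user, doc, env, "read")))
```

The compliant device on a home network is allowed, while the non-compliant device on the corporate LAN is denied, because the decision depends on attributes and not on network location.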
