What are the core principles of the zero trust model?
Zero trust is an approach—a way of thinking about network security—more than it is any particular topology, technology, or implementation. It starts from an assumption that there are no safe places on the network and an intruder has already breached your perimeter. You should treat your datacenter as if all of its data and services are exposed to the public Internet.
In the zero trust model, unlike traditional perimeter security, reachability does not imply authorization. Zero trust seeks to shrink implicitly trusted zones around resources, ideally to zero. In a zero trust network, all access to resources should be:
Authenticated and dynamically authorized, not only at the network layer and the service-to-service layer, but also at the application layer. Network location does not imply trust. Service identity and end-user credentials are authenticated and dynamically authorized before any access is allowed.
Bounded in space: the perimeter of trust around a service should be as small as possible.
Bounded in time: authentication and authorization are bound to a short-lived session, after which they must be re-established.
Encrypted, both to prevent eavesdropping and to ensure messages are authentic and unaltered.
Observable, so that the integrity and security posture of all assets can be continuously monitored and policy enforcement continuously assured. Insights gained from that observation should then feed back into improving policy.
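The five properties above can be read as a checklist that a policy enforcement point evaluates on every request. The following Python sketch is an added illustration, not code from the page or from any particular zero trust product; the SPIFFE-style identity strings, the POLICY allow-list, the 300-second session bound and the request fields are all constructed for the example. It shows reachability granting nothing (the source IP is carried but never consulted), service identity and end-user credential both being required, the time bound, the per-caller scope bound, the encrypted-channel requirement, and an audit record for every decision.

```python
"""Minimal zero trust authorization gate (added example; assumptions are constructed)."""
from dataclasses import dataclass
from typing import Optional

# Constructed allow-list: (caller workload identity, target service) -> granted scopes.
# "Bounded in space": each caller may reach only the scopes listed here, nothing else.
POLICY = {
    ("spiffe://example.org/frontend", "orders-api"): {"orders:read"},
    ("spiffe://example.org/billing", "orders-api"): {"orders:read", "orders:write"},
}

# "Bounded in time": a session older than this must be re-established (constructed value).
SESSION_TTL_SECONDS = 300

# "Observable": every decision, allowed or denied, is recorded here.
AUDIT_LOG = []


@dataclass
class Request:
    channel_encrypted: bool            # was the request received over mTLS?
    peer_identity: Optional[str]       # workload identity verified from the client certificate
    user_token: Optional[dict]         # validated end-user credential claims (e.g. JWT), or None
    target_service: str
    scope: str
    source_ip: str                     # present, but deliberately never used for the decision


def _decide(req, now):
    # Encrypted: a plaintext request is refused no matter where it came from.
    if not req.channel_encrypted:
        return False, "plaintext channel"
    # Authenticated at the service-to-service layer. Being on the network is not identity.
    if req.peer_identity is None:
        return False, "unauthenticated workload"
    # Authenticated at the application layer: an end-user credential is required as well.
    if req.user_token is None:
        return False, "missing user credential"
    # Bounded in time: reject sessions past the TTL or past the credential's own expiry.
    issued_at = req.user_token.get("iat", 0)
    expires_at = req.user_token.get("exp", 0)
    if now - issued_at > SESSION_TTL_SECONDS or expires_at <= now:
        return False, "session expired"
    # Bounded in space: only explicitly granted (caller, target, scope) triples pass.
    granted = POLICY.get((req.peer_identity, req.target_service), set())
    if req.scope not in granted:
        return False, "scope not granted"
    return True, "ok"


def authorize(req, now):
    """Evaluate one request; returns (allowed, reason) and appends an audit record."""
    allowed, reason = _decide(req, now)
    AUDIT_LOG.append({
        "ts": now,
        "peer": req.peer_identity,
        "user": (req.user_token or {}).get("sub"),
        "target": req.target_service,
        "scope": req.scope,
        "allowed": allowed,
        "reason": reason,
    })
    return allowed, reason


def audit_count():
    """Number of decisions recorded so far (used to show that denials are logged too)."""
    return len(AUDIT_LOG)


if __name__ == "__main__":
    now = 1_000_000
    token = {"sub": "alice", "iat": now - 10, "exp": now + 60}
    ok = Request(True, "spiffe://example.org/frontend", token, "orders-api", "orders:read", "10.0.0.5")
    print(authorize(ok, now))                                  # (True, 'ok')
    # Same internal address, same user, but plaintext: location buys nothing.
    print(authorize(Request(False, "spiffe://example.org/frontend", token,
                            "orders-api", "orders:read", "10.0.0.5"), now))
    print(audit_count(), "decisions audited")
```

The order of the checks is deliberate: channel, workload identity and user credential are evaluated before any policy lookup, so an unauthenticated caller learns nothing about which scopes exist. Returning a reason string alongside the boolean is what makes the audit log useful for the feedback loop the last principle describes.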
For more information, read our Learning Center article on zero trust architecture.