Zero Trust Cybersecurity: ‘Never Trust, Always Verify’
What Is Zero Trust?
Stephen Paul Marsh, a student at the U.K.’s University of Stirling, coined “zero trust” in his doctoral thesis in 1994. Under zero trust, instead of relying on a perimeter (for example, a firewall), every user, device and app must be verified for every instance of access.
Related ideas include strong user identity, machine identification, network segmentation, policy compliance and others.
Why Remote and Hybrid Work Demands Zero Trust
The pandemic greatly expanded the number of us considered "remote workers". It didn’t take long for threat actors to realize that the best way to break in was to enter through remote workers’ virtual private network (VPN) connections. Today the browser is the attack surface of choice.
Each work-from-home employee, hybrid worker and digital nomad represents an expansion of the attack surface and new openings for attackers. An organization might be looking at dozens, hundreds or thousands of such employees. So, the attack surface becomes too large for outdated security approaches.
How to Think About Zero Trust
Zero trust replaces an outdated idea. That idea? The assumption that everything ‘inside’ is trustworthy by default and that only outsiders pose threats. First, the solution was firewalls to create a perimeter. Then, VPNs enabled remote employees to ‘tunnel’ into the perimeter.
This perimeter-centric view is outdated for many reasons. The rise of arbitrary mobile and wearable devices, cloud computing and the Internet of Things has eroded it. Now, above all, the hybrid and remote work trend has, too. Zero trust also accepts that threats often start inside the walls. Plus, cyberattacks are becoming more high-tech all the time!