Abstract: As naming goes, Zero Trust is easily understood. No one is trusted implicitly. In terms of cybersecurity, organizations should trust no one, whether an insider or an outsider, with unverified access to sensitive IT assets.
That’s not to say, of course, that no actor should ever be granted privileged access to network resources, which would obviously be an unworkable state of affairs; rather, it requires a security scheme that constantly requires users to not only prove who they are, but also to prove that they have both the need and the authorization to access said resource before entry is granted.
The Verizon 2019 Data Breach Report provides a particularly illustrative overview of the need for Zero Trust. In the report, privilege misuse was found to be among the top three cyberthreats for the financial, healthcare, public administration, manufacturing, and retail sectors. Because privilege misuse can be mitigated by Zero Trust policies, such findings show how widespread the need is for this kind of approach to security, regardless of vertical.