Zero Trust

zero-trust security authentication identity access-control
Plain English

Old-school network security operated on a castle-and-moat model: once you got inside the castle walls (the corporate network), you were trusted. Zero Trust throws that assumption out. Being on the network proves nothing. Every request - whether it comes from inside the office, a VPN, or a remote laptop - has to prove who it is before getting access to anything. No free passes based on location.

Technical Definition

Zero Trust Architecture (ZTA) is defined by NIST SP 800-207 as a set of principles centered on the idea that no implicit trust is granted to assets or user accounts based solely on their physical or network location.

Core tenets:

  1. Verify explicitly - Authenticate and authorize every request using all available data points: identity, location, device health, service/workload, data classification, and anomalies.
  2. Use least privilege access - Limit user access with just-in-time (JIT) and just-enough-access (JEA), risk-based adaptive policies, and data protection.
  3. Assume breach - Minimize blast radius, segment access, verify end-to-end encryption, and use analytics to get visibility, drive threat detection, and improve defenses.

Key components in a ZTA:

  • Policy Engine (PE): The brain. Makes grant/deny decisions based on policy and context (user identity, device posture, resource sensitivity).
  • Policy Administrator (PA): Establishes and shuts down communication paths between subjects and resources.
  • Policy Enforcement Point (PEP): The gatekeeper. Intercepts requests, queries the PE, and enforces the decision.
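A toy policy engine and enforcement point that applies the tenets above, added here as an illustration (it is not code from NIST SP 800-207 or from any product). The request fields, network labels, identity types and policy rules are constructed assumptions; the legacy `castle_and_moat` function is included only to contrast the two models:

```python
from dataclasses import dataclass

# Constructed request context: the signals a PEP collects and forwards to the PE.
# Field names and values are assumptions for this example, not NIST-defined terms.
@dataclass(frozen=True)
class AccessRequest:
    subject: str
    identity_type: str      # "password", "fido2", "piv" or "mtls"
    source_network: str     # "corp-lan", "vpn" or "internet"
    device_healthy: bool    # posture: disk encrypted, patched, EDR running
    resource: str
    sensitivity: str        # "low" or "high"

# Identity types backed by a hardware token or certificate (assumed set).
STRONG_IDENTITY = {"fido2", "piv", "mtls"}

def castle_and_moat(req: AccessRequest) -> tuple[bool, str]:
    """Legacy model, for contrast: being inside the perimeter is the credential."""
    if req.source_network in {"corp-lan", "vpn"}:
        return True, "inside perimeter"
    return False, "outside perimeter"

def policy_engine(req: AccessRequest) -> tuple[bool, str]:
    """Zero Trust PE: source_network is never consulted as a reason to grant."""
    if req.identity_type not in STRONG_IDENTITY:
        return False, "identity is not hardware- or certificate-backed"
    # Risk-based adaptive rule: sensitive resources also require healthy device posture.
    if req.sensitivity == "high" and not req.device_healthy:
        return False, "device posture check failed for high-sensitivity resource"
    return True, "strong identity and policy satisfied"

def enforcement_point(req: AccessRequest, log: list[str]) -> bool:
    """PEP: intercepts the request, asks the PE, records the verdict at one choke point."""
    granted, reason = policy_engine(req)
    verdict = "GRANT" if granted else "DENY"
    log.append(f"{verdict} {req.subject} -> {req.resource} via {req.source_network}: {reason}")
    return granted

# Constructed sample requests.
INSIDER_PASSWORD = AccessRequest("alice", "password", "corp-lan", True, "hr-db", "high")
REMOTE_FIDO2 = AccessRequest("bob", "fido2", "internet", True, "hr-db", "high")
UNHEALTHY_HIGH = AccessRequest("carol", "piv", "vpn", False, "hr-db", "high")

def demo() -> list[str]:
    log: list[str] = []
    for req in (INSIDER_PASSWORD, REMOTE_FIDO2, UNHEALTHY_HIGH):
        enforcement_point(req, log)
    return log

if __name__ == "__main__":
    print("\n".join(demo()))
```

The first request is granted by the perimeter model and denied by the PE, while the second is the reverse: location drops out of the decision entirely.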

Identity as the new perimeter:

Zero Trust shifts trust from the network edge to the identity plane. A certificate-backed identity (PIV, FIDO2, mTLS) is far stronger than an IP address, because IP addresses can be spoofed and VLANs can be traversed - a hardware-backed cryptographic identity cannot.

Microsegmentation:

Rather than flat internal networks, Zero Trust advocates granular network segments in which each workload can communicate only with explicitly permitted peers. East-west traffic (server to server) is treated as just as untrusted as north-south traffic (internet to server).

In the Wild

Zero Trust went from buzzword to mandate after a series of high-profile lateral movement attacks (SolarWinds, Colonial Pipeline) demonstrated that perimeter security alone fails catastrophically once an attacker is inside. Google’s BeyondCorp implementation, published in 2014, was the first large-scale production deployment: Google employees access internal apps from the public internet with no VPN, relying entirely on device certificates and identity. In a homelab context, Zero Trust means your servers do not trust your workstation just because it is on the same VLAN. Every SSH connection requires a hardware-backed certificate, access is logged at a single choke point (a bastion host), and password authentication is disabled entirely. The attack surface shrinks to physical possession of a hardware token plus knowledge of its PIN.