Home/Glossary/Zero Trust Architecture

Zero Trust Architecture

A security model that assumes breach, requiring continuous verification of every user, device, and workload regardless of location.

Security FoundationsAlso called: "zero trust", "zero trust security"

Zero Trust replaces the idea of a trusted internal network with explicit, continuous verification.

Core principles

  • Never trust, always verify: authenticate and authorize every request.
  • Least privilege: grant only the permissions a user or service needs for a task.
  • Assume breach: design controls so an attacker cannot move laterally.

Implementation checkpoints

  • Strong identity controls with MFA and device trust.
  • Microsegmentation around critical applications and data.
  • Continuous monitoring of behavior and context.

Related Tools

Explore More Security Foundations

View all terms

Attack Surface

The total number of points where an unauthorized user could try to enter data into, or extract data from, an environment.

Read more →

Principle of Least Privilege (PoLP)

The practice of granting users and services the minimum access they need to perform their duties.

Read more →
Back to glossary