Zero Trust
-
This is a popular subject and the definition gets blurry since its mostly used for marketing...
Zero-trust security is a security concept that assumes that all network traffic is untrusted and must be verified before being allowed access to network resources. This approach is in contrast to the traditional model of network security, which assumes that anyone who is able to connect to the network, such as through a VPN or WiFi at the office, can be trusted.
Under a zero-trust model, permissions are explicitly defined and verified before access is granted. This means that even trusted users and devices must go through the same authentication and authorization process to access resources. This approach helps to reduce the risk of unauthorized access and helps to protect against insider threats and external attacks.
In the past, companies often relied on perimeter-based security measures, such as firewalls, to protect their networks. However, as the use of cloud services and remote work has become more prevalent, it has become increasingly difficult to rely on these perimeter-based approaches alone. Zero-trust security helps to address these challenges by providing a more granular and dynamic approach to security that is not dependent on the location of the user or device.