Zero Trust Network
What is Zero Trust Network?
A network architecture that never trusts users, devices, or services by default and enforces continuous, identity-aware verification of every connection.
A zero trust network discards the legacy assumption that the internal network is inherently trusted. Every connection — north-south or east-west — must be authenticated, authorized, and continuously evaluated based on identity, device posture, context, and risk before access to an application or service is granted. The architecture typically combines strong identity (MFA, FIDO2), device attestation, encrypted transport (mTLS), microsegmentation, and a policy engine that enforces least-privilege, just-in-time access. Aligned with NIST SP 800-207, zero trust shrinks the blast radius of compromised credentials and assumes breach as a design principle.
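To make the policy-engine behaviour concrete, here is an added example (not from the original page) of a minimal per-request decision function: it checks mTLS certificate validity, device posture, MFA strength against risk, and a least-privilege role table, and issues only a short just-in-time grant. Role names, services, the 15-minute window and the clock value are constructed assumptions.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed policy data: which roles may reach which services (least privilege).
ROLE_GRANTS = {"engineer": {"wiki", "ci"}, "finance": {"wiki", "ledger"}}
PHISHING_RESISTANT_MFA = {"fido2", "webauthn"}
MAX_SESSION = timedelta(minutes=15)  # just-in-time grant; re-evaluated when it lapses
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock for the demo

@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: frozenset
    mfa_method: Optional[str]  # None means no second factor was presented
    device_attested: bool      # device posture / attestation result
    cert_expires: datetime     # expiry of the caller's short-lived mTLS certificate
    risk: str                  # "low" | "medium" | "high" from contextual signals
    service: str

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    valid_until: Optional[datetime] = None

def evaluate(req: AccessRequest, now: datetime) -> Decision:
    """Checks run on every connection; network location is never a factor."""
    if req.cert_expires <= now:
        return Decision(False, "mTLS certificate expired")
    if not req.device_attested:
        return Decision(False, "device posture check failed")
    if req.mfa_method is None:
        return Decision(False, "no MFA presented")
    if req.risk == "high":
        return Decision(False, "risk score too high")
    if req.risk == "medium" and req.mfa_method not in PHISHING_RESISTANT_MFA:
        return Decision(False, "elevated risk requires phishing-resistant MFA")
    if not any(req.service in ROLE_GRANTS.get(r, ()) for r in req.roles):
        return Decision(False, "role not authorised for service")
    # Grant expires at the session window or the certificate, whichever comes first.
    return Decision(True, "granted", min(now + MAX_SESSION, req.cert_expires))

def baseline() -> AccessRequest:
    """Constructed request that satisfies every check at NOW."""
    return AccessRequest("alice", frozenset({"engineer"}), "fido2", True,
                         NOW + timedelta(minutes=10), "low", "ci")

if __name__ == "__main__":
    print(evaluate(baseline(), NOW))
    print(evaluate(baseline(), NOW + timedelta(minutes=11)))  # cert lapsed: re-check denies
    print(evaluate(replace(baseline(), service="ledger"), NOW))  # least privilege denies
```

Re-running `evaluate` for the same caller after the certificate lapses yields a denial, which is the continuous-evaluation property the definition describes.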
● Examples
- 01: An employee accessing an internal app via a zero-trust gateway that checks identity, MFA, and device posture for every request.
- 02: Service-to-service calls in a microservice mesh authenticated with short-lived mTLS certificates.
● Frequently asked questions
What is Zero Trust Network?
A network architecture that never trusts users, devices, or services by default and enforces continuous, identity-aware verification of every connection. It belongs to the Network Security category of cybersecurity.
What does Zero Trust Network mean?
A network architecture that never trusts users, devices, or services by default and enforces continuous, identity-aware verification of every connection.
How do you implement a Zero Trust Network?
Implementations of Zero Trust Network typically combine technical controls (strong identity with MFA, device attestation, mTLS, microsegmentation, and a least-privilege policy engine) with operational practices, as detailed in the full definition above.
What are other names for Zero Trust Network?
Common alternative names include: Zero Trust, Zero Trust Architecture (ZTA).