Zero trust means a lot more than determining how users access resources. Successful implementation takes time, commitment and ongoing support.

Zero trust is a cybersecurity model, not a technology or a control. It takes the principle of least privilege to the next level by adding new restrictions governing how users access resources.

The term zero trust is itself a misnomer. Trust is a continuum. As a result, zero trust means shifting away from "trust everything" toward "trust nothing" -- limiting access commensurate with risk and with the usability of trust verification measures.

In short, the zero-trust security model assumes active threats exist inside and outside a network's perimeter, with on-site and remote users alike required to meet stringent authentication and authorization requirements before being granted access to data and resources.

A zero-trust initiative, implemented effectively, must strike a reasonable balance between security and usability. Compromises are less likely to occur, and those that do will cost attackers more time and effort to achieve. Security teams will also detect attacks sooner ...