An approach to the design and implementation of IT systems, the main concept of which is that devices should not be trusted by default, even if they are connected to a managed corporate network such as the corporate LAN and even if they were previously verified. (Also known as the Zero Trust security model or perimeterless security. The Zero Trust approach advocates mutual authentication, including checking the identity and integrity of devices without respect to location, and providing access to applications and services based on the confidence of device identity and device health in combination with user authentication. Security policies are an essential enabler of zero trust architecture.
