Thales banner

Zero Trust Security

Secure access and protect data in the cloud with zero trust security


The need for Zero Trust security

When all transactions in the enterprises are untrusted, and there is no defined security boundary, encrypting data and protecting apps at the access point by continuously validating identities is core to enterprise security.

Work securely and conveniently from home


Offer employees, contractors and consultants an easy and convenient login experience no matter where they are or what device they're using.

Expand Securely
in the Cloud


Overcomes the limitations of legacy security schemes by securing cloud apps at the access point from the cloud.

Prevent Breaches and Protect your Data


Protect apps by encrypting data and continuously validating identities.

Key principles of Zero Trust security models

  • Trust no one – verify everywhere
  • Adopt a ‘default deny’ stance’
  • Secure applications at the access point

Zero Trust Security Architectures

NIST describes three approaches to building an effective Zero Trust security architecture.


The identity-centric approach of Zero Trust architecture places identity of users, services, and devices at the heart of policy creation. Enterprise resource access policies are based on identity and assigned attributes. The primary requirement to access corporate resources is based on the access privileges granted to a given user, service or device. To cater for a more adaptive authentication, the policy enforcement may consider other factors as well, such as device used, asset status, and environmental factors.

NIST identity-centric zero trust



The network-centric approach of Zero Trust architecture is based on network micro-segmentation of corporate resources protected by a gateway security component. To implement this approach, the enterprise should use infrastructure devices such as intelligent switches (or routers), Next Generation Firewalls (NGFW) or Software Defined Networks (SDN) to act as policy enforcement protecting each resource or group of related resources.

Combination approaches

A cloud-based combined Zero Trust architecture approach leverages cloud-based Access Management and Software at the Service Edge (SASE). The cloud-based Access Management solution protects and enforces the identities of cloud applications and services, while SASE components, such as Software Defined Networks (SDNs) or Next Generation Firewalls (NGFW) protect on-premise resources.

Meeting NIST Guidelines for Zero Trust Security - White Paper

Meeting NIST Guidelines for Zero Trust Security - White Paper

Digital transformation, the proliferation of disruptive technologies and emerging trends such as 'work from home' have made the digital boundaries of corporates disappear. Zero Trust security schemes can help organizations overcome the limitations of legacy perimeter security...

Thales Zero Trust Security Solutions

SafeNet Trusted Access

SafeNet Trusted Access, Thales’s cloud-based access management and authentication service, is the starting point for effective Zero Trust security implementations, meeting Zero Trust principles:

  • Meet a ‘verify everywhere, trust no one’ stance by enforcing access decisions dynamically at the application access point, irrespective of where the app resides, where users reside, what device users use and network routing
  • Adhere to a ‘default deny’ policy by continuously reassessing and verifying credentials at each log in, even if Single Sign On (SSO) features are enabled.

Learn more about SafeNet Trusted Access

Zero Trust Security Resources

How Can You Trust an Untrusted Environment - eBook

How Can You Trust an Untrusted Environment - eBook

Digital transformation, the proliferation of disruptive technologies and emerging trends such as ‘work from home’, coupled with the alarming increase in data breaches and security incidents have rendered the concept of trust extinct. Zero Trust security is based on the tenet “Never Trust, Always Verify”, views trust as a vulnerability, and requires strict and continuous identity verification to minimize implicit trust zones.


CAEP: An Emerging Standard for Continuous Authentication and Access

In the spring of 2019, if you were to stroll through the vast exhibition halls of the Moscone Center during RSA Conference, you would be overwhelmed by the sheer number of booths - some crammed for space and some with room to spare. Regardless of their size, they were all selling the same thing; security. This was expected. However, what was not expected was that they all seemed to have gravitated towards two overarching security themes of zero-trust and machine learning.


Evaluating the Latest Zero Trust Architecture from NIST. Does it Deliver What’s Needed?

Last month, the Computer Security Resource Center at NIST (National Institute of Standards and Technology) released general guidance and recommendations for implementing a Zero Trust architecture through their special publication, SP 800-207. This latest document is, of course, a reflection of how NIST views Zero Trust security, but it is important to point out two insights on how this view has been formed.


Webinar: Securing Cloud Access with Continuous Access Evaluation Protocol (CAEP)

Seamless authentication and continuous access to online resources has been an elusive target. While many have tried, few have been able to achieve it.


Webinar: Putting Continuous Security First in Your Cloud-first Strategy

Cloud adoption is the stepping stone for any organization’s digital transformation initiative. Learn how to navigate this very fluid threat landscape with solutions that scale up with your business needs, and help you achieve the true potential of your digital transformation objectives.