What are the key concepts of Zero Trust security?
To achieve its goal, Zero Trust access is governed by the following foundational principles:
- Access to corporate resources is determined by a dynamic policy, enforced on a per-session basis, and updated based on information collected about the current state of client identity, application/service, and the requesting asset, including other behavioural and environmental attributes.
- All communications to resources must be authenticated, authorized, and encrypted.
- Authentication and authorization are agnostic to the underlying network
- The enterprise monitors and measures the integrity and security posture of all owned and associated assets