IT Glossary
Zero Trust is a security model based on the principle "never trust, always verify." Unlike traditional perimeter security, Zero Trust assumes any user, device, or network could be compromised and requires continuous verification before granting access.
The traditional security model created a hard perimeter around the corporate network — inside was trusted, outside was not. With remote work, cloud applications, and mobile devices, this model fails. Zero Trust eliminates the concept of a trusted network. Every access request — even from inside the office — is verified based on identity, device health, location, and behaviour before access is granted.
Related terms: SASE, ZTNA, MFA, IAM, Microsegmentation
Start with identity — implement MFA for all users, especially for cloud applications. Then focus on privileged access management (PAM) for admin accounts. Use a phased approach rather than trying to do everything at once.
CERT-In doesn't mandate Zero Trust specifically, but the principles align well with CERT-In requirements for access controls, monitoring, and incident detection. Organisations adopting Zero Trust will generally find CERT-In compliance easier.
Interested in Zero Trust for your organisation? Our cybersecurity advisors will design a Zero Trust roadmap tailored to your needs.