Zero Trust Architectures
While multiple definitions of Zero Trust exist, a convenient set of principles is outlined by NCSC, consistent with the extensive body of guidance they continue to publish:
- know your architecture including users, devices, and services
- know your user, service and device identities
- know the health of your users, devices and services
- use policies to authorise requests
- authenticate everywhere
- focus your monitoring on devices and services
- don’t trust any network, including your own
- choose services designed for zero trust