Use when designing security architectures, implementing zero trust principles, or evaluating security posture. Covers "never trust, always verify", microsegmentation, identity-based access, and ZTNA patterns.
View on GitHub: melodic-software/claude-code-plugins
systems-design
plugins/systems-design/skills/zero-trust-architecture/SKILL.md
January 21, 2026
Installation:

```shell
npx add-skill https://github.com/melodic-software/claude-code-plugins/blob/main/plugins/systems-design/skills/zero-trust-architecture/SKILL.md -a claude-code --skill zero-trust-architecture
```

Installation path: `.claude/skills/zero-trust-architecture/`

# Zero Trust Architecture

Comprehensive guide to zero trust security architecture - the "never trust, always verify" approach to modern security.

## When to Use This Skill

- Designing security architecture for new systems
- Migrating from perimeter-based security
- Implementing microsegmentation
- Evaluating identity-based access controls
- Understanding ZTNA (Zero Trust Network Access)
- Assessing security posture

## Core Principles

```text
Zero Trust Pillars:

1. Never Trust, Always Verify
   └── Every request is verified regardless of origin
   └── No implicit trust based on network location
   └── Continuous authentication and authorization

2. Least Privilege Access
   └── Minimum permissions required for the task
   └── Just-in-time access when possible
   └── Just-enough-access for the operation

3. Assume Breach
   └── Design as if attackers are already inside
   └── Minimize blast radius of any compromise
   └── Continuous monitoring and verification

4. Explicit Verification
   └── Verify user identity
   └── Verify device health
   └── Verify request context
   └── Make access decisions at each request
```

## Architecture Components

### Identity Layer

```text
Identity Provider (IdP):
├── Multi-factor authentication (MFA)
├── Single sign-on (SSO)
├── Federated identity
└── Privileged access management (PAM)

User Identity:
- Strong authentication required
- Continuous session validation
- Risk-based authentication
- Context-aware access decisions

Service Identity:
- Machine identity management
- Service accounts with rotation
- Certificate-based authentication
- Workload identity
```

### Device Layer

```text
Device Trust Assessment:
├── Device health attestation
├── Endpoint detection and response (EDR)
├── Mobile device management (MDM)
├── Certificate-based device identity
└── Posture assessment

Device Trust Signals:
- Is the device managed/enrolled?
- Is the OS up to date?
- Is security software running?
- Are there known vulnerabilities?
-
```
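The Explicit Verification pillar and the Device Trust Signals listed above come together in a policy decision point that re-checks identity, device health and request context on every request and denies unless each check passes. The Python below is an added example written for this page, not code from the claude-code-plugins repository or the skill it describes; every class, function, role name and entry in the policy table is hypothetical, and the users, devices and IP addresses are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Everything in this file is a hypothetical illustration of a per-request
# zero trust decision; names and policy values are invented for the example.


@dataclass(frozen=True)
class Identity:
    user: str
    mfa_verified: bool            # strong authentication completed
    session_issued_at: datetime   # used for continuous session validation
    roles: frozenset


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool        # enrolled in MDM?
    os_patched: bool     # OS up to date?
    edr_running: bool    # security software running?
    known_vulns: int     # unpatched findings from posture assessment


@dataclass(frozen=True)
class RequestContext:
    resource: str
    action: str
    source_ip: str       # kept for audit only; never a basis for trust
    now: datetime


# Least privilege: an explicit allow-list of the role each operation needs.
# Any (resource, action) pair not listed here is denied by default.
REQUIRED_ROLE = {
    ("payroll-db", "read"): "finance",
    ("payroll-db", "write"): "finance-admin",
    ("wiki", "read"): "employee",
}
SESSION_MAX_AGE = timedelta(minutes=30)   # force re-verification after this


def verify_identity(identity: Identity, now: datetime) -> list:
    """Verify user identity: MFA completed and session still fresh."""
    reasons = []
    if not identity.mfa_verified:
        reasons.append("mfa-required")
    if now - identity.session_issued_at > SESSION_MAX_AGE:
        reasons.append("session-expired")
    return reasons


def verify_device(device: Device) -> list:
    """Verify device health from the Device Layer trust signals."""
    reasons = []
    if not device.managed:
        reasons.append("device-unmanaged")
    if not device.os_patched:
        reasons.append("os-outdated")
    if not device.edr_running:
        reasons.append("edr-not-running")
    if device.known_vulns > 0:
        reasons.append("known-vulnerabilities")
    return reasons


def verify_context(identity: Identity, ctx: RequestContext) -> list:
    """Verify request context against the least-privilege allow-list."""
    required = REQUIRED_ROLE.get((ctx.resource, ctx.action))
    if required is None:
        return ["no-policy-for-resource"]     # assume breach: default deny
    if required not in identity.roles:
        return ["insufficient-role"]
    return []


def decide(identity: Identity, device: Device, ctx: RequestContext):
    """Make the access decision for this one request.

    All three checks run on every call (no cached allow), and
    ctx.source_ip is deliberately ignored: location confers no trust.
    """
    reasons = (verify_identity(identity, ctx.now)
               + verify_device(device)
               + verify_context(identity, ctx))
    return ("allow" if not reasons else "deny", reasons)


def demo() -> dict:
    """Constructed scenarios; returns {name: (decision, reasons)}."""
    now = datetime(2026, 1, 21, 12, 0, tzinfo=timezone.utc)
    alice = Identity("alice", True, now - timedelta(minutes=5),
                     frozenset({"employee", "finance"}))
    stale_alice = Identity("alice", True, now - timedelta(hours=2),
                           frozenset({"employee", "finance"}))
    laptop = Device("laptop-01", True, True, True, 0)    # healthy, managed
    byod = Device("byod-07", False, True, False, 2)      # unmanaged, no EDR
    internal, external = "10.0.0.5", "203.0.113.9"      # sample addresses
    return {
        "healthy_device_read": decide(alice, laptop, RequestContext("payroll-db", "read", external, now)),
        "write_needs_admin_role": decide(alice, laptop, RequestContext("payroll-db", "write", external, now)),
        "internal_ip_unmanaged_device": decide(alice, byod, RequestContext("wiki", "read", internal, now)),
        "stale_session": decide(stale_alice, laptop, RequestContext("wiki", "read", internal, now)),
        "unknown_resource": decide(alice, laptop, RequestContext("hr-api", "read", internal, now)),
    }


if __name__ == "__main__":
    for name, (decision, reasons) in demo().items():
        print(f"{name:30s} {decision:5s} {reasons}")
```

Two design points worth noting: the external address is allowed when identity, device and role all verify, while the internal address does nothing for the unmanaged device, which is the "no implicit trust based on network location" rule in practice; and every denial carries the list of failed checks, which is what a monitoring pipeline needs to tell a stale session from a posture failure.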