Zero Trust architecture principles including ZTNA, micro-segmentation, identity-first security, continuous verification, and BeyondCorp patterns. Use when designing network security, implementing identity-based access, or building cloud-native applications with zero trust principles.
View on GitHub: melodic-software/claude-code-plugins
security
January 21, 2026
npx add-skill https://github.com/melodic-software/claude-code-plugins/blob/main/plugins/security/skills/zero-trust/SKILL.md -a claude-code --skill zero-trust
Installation paths:
.claude/skills/zero-trust/

# Zero Trust Architecture

## Overview

Zero Trust is a security model that assumes no implicit trust based on network location. Every access request is fully authenticated, authorized, and encrypted regardless of origin.

**Keywords:** zero trust, ZTNA, micro-segmentation, identity-first, continuous verification, BeyondCorp, never trust always verify, least privilege, mTLS, service mesh, identity proxy

## When to Use This Skill

- Designing network security architecture
- Implementing identity-based access control
- Setting up micro-segmentation
- Configuring service-to-service authentication
- Building BeyondCorp-style access
- Implementing continuous verification
- Designing cloud-native security

## Zero Trust Principles

| Principle | Description | Implementation |
| --- | --- | --- |
| **Never Trust, Always Verify** | No implicit trust based on network | Authenticate every request |
| **Least Privilege** | Minimum necessary access | Role-based, time-limited access |
| **Assume Breach** | Design for compromise | Micro-segmentation, blast radius reduction |
| **Verify Explicitly** | All signals for authorization | Identity, device, location, behavior |
| **Continuous Verification** | Don't trust past authentication | Session validation, risk-based re-auth |

## Zero Trust Architecture Components

```text
┌─────────────────────────────────────────────────────────────────┐
│                     ZERO TRUST ARCHITECTURE                     │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│  ┌────────────┐    ┌─────────────┐    ┌──────────────────────┐  │
│  │    USER    │───▶│  IDENTITY   │───▶│    POLICY ENGINE     │  │
│  │  + Device  │    │    PROXY    │    │  (Context Analysis)  │  │
│  └────────────┘    └─────────────┘    └──────────┬───────────┘  │
│                                                  │              │
│                          ┌───────────────────────┘