Zero Trust

Zero Trust is a security model based on the principle "Never trust, always verify." Every access request, whether internal or external, must be authenticated, authorized, and continuously validated.

The Zero Trust concept originated from the realization that traditional perimeter-based security (firewalls, VPNs) was no longer sufficient in a world of mobile users, cloud services, and insider threats.

The term was popularized by John Kindervag, a Forrester Research analyst, in 2010. He proposed that trust should not be automatically granted based on network location (e.g., inside the firewall). Instead, every access request must be verified, regardless of source.

Key influences:

• Advanced persistent threats (APTs)
• Insider attacks
• Cloud adoption
• Mobile and remote work

Zero Trust shifts the focus from "trusting the internal network" to "trust no one by default."

Thank you Lucerne University of Applied Sciences and Arts and 🚴🏽‍♂️Peter… | Ivan Bütler

Thank you Lucerne University of Applied Sciences and Arts and 🚴🏽‍♂️Peter Kosel, Daniel Walther, Christian Ulmer and Hanno Wiese for organizing the Zero Trust event at the HSLU. I conclude Zero Trust is mainly a cloud driven approach and applying into hybrid cloud with on-prem infrastructures might be a challenge. Not easy to apply, but worth it.

LinkedInIvan Bütler