Zero trust architecture
Zero trust is the security model that assumes no implicit trust based on network location: every request, internal or external, must be authenticated, authorised, and continuously verified. The model replaces the perimeter-based 'trust the LAN, distrust the internet' assumption that dominated enterprise security until the mid-2010s.
Zero trust emerged from the recognition that perimeter security fails against insider threats, lateral movement after a breach, and the cloud-and-SaaS-driven dissolution of the perimeter itself. A practical implementation combines identity-aware proxies in front of every service, strong authentication (MFA, hardware keys, device attestation), per-request authorisation that re-checks every time, network segmentation that doesn't grant trust by VLAN, and continuous risk scoring that revokes access when behaviour changes. Google's BeyondCorp is the canonical reference; vendor offerings include Cloudflare Access, Tailscale, AWS Verified Access, and Okta's identity-aware proxy.
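The per-request check described above can be sketched as a small policy decision function. This is an added example, not code from BeyondCorp or any of the products named; the policy table, thresholds, field names and address range are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed policy: resource -> (groups allowed, highest tolerated risk 0-100)
POLICY = {
    "payroll-api": ({"finance"}, 30),
    "wiki": ({"finance", "engineering"}, 60),
}
MFA_MAX_AGE_S = 8 * 3600             # assumed re-authentication window
CORP_LAN = ip_network("10.0.0.0/8")  # recorded for audit only, never trusted


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    resource: str
    source_ip: str
    mfa_age_s: Optional[int]  # seconds since last MFA; None means no MFA
    device_attested: bool     # outcome of the device attestation check
    risk_score: int           # continuous risk score, 0 (low) to 100 (high)


def authorize(req: Request) -> Tuple[bool, str]:
    """Decide one request. Called for every request; no verdict is cached."""
    # Network location is only a label in the audit string, not an input
    # to the decision: a LAN address skips none of the checks below.
    where = "lan" if ip_address(req.source_ip) in CORP_LAN else "external"
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, f"deny:{where}:unknown-resource"  # default deny
    allowed_groups, max_risk = rule
    if req.mfa_age_s is None or req.mfa_age_s > MFA_MAX_AGE_S:
        return False, f"deny:{where}:mfa-missing-or-stale"
    if not req.device_attested:
        return False, f"deny:{where}:device-not-attested"
    if not (req.groups & allowed_groups):
        return False, f"deny:{where}:not-authorised"
    if req.risk_score > max_risk:
        return False, f"deny:{where}:risk-too-high"
    return True, f"allow:{where}"
```

Because the function is evaluated on every request, a risk score that rises mid-session turns the next request into a denial without waiting for the session to expire.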