The zero-trust model

Never trust, always verify; assume breach.

Advanced30 min · lesson 1 of 15

Zero trust is a response to a simple, uncomfortable fact: the network perimeter has failed as a security boundary. This lesson establishes the principles that the rest of the course implements with concrete identity, mTLS, and policy technology.

Never trust, always verify

The perimeter model grants implicit trust to anything inside the firewall — so a single foothold reaches everything. Zero trust removes that implicit trust: every request is authenticated and authorized on its own merits, regardless of where it originates. Google’s BeyondCorp was the landmark implementation for users, eliminating the privileged corporate network so access depends on verified user and device identity rather than being "on the LAN". The same shift applies to workloads: a service proves who it is cryptographically, and the network location it happens to occupy grants it nothing.

perimeter trust vs zero trust
# PERIMETER MODEL — trust by location:
# inside the firewall → trusted → can reach anything
# one compromised host → lateral movement to everything
#
# ZERO TRUST — trust by verified identity, per request:
# every call: authenticate identity + authorize (least privilege)
# compromised workload → can reach only its few authorized destinations
#
# The network grants NOTHING; identity + policy grant access.

Assume breach, verify continuously

Two principles follow. Assume breach: design as if attackers are already inside, so you minimize what any foothold can reach through least privilege and segmentation. And verify continuously: trust is not granted once at login and held forever, but re-established constantly with short-lived credentials and per-request checks. The new perimeter is identity — access decisions hinge on a verified, cryptographic workload or user identity, not an IP or subnet. Adopting this is a staged journey (identity first, then segmentation, then policy), not a product you buy or a switch you flip overnight.

Zero-trust principles
the shift
identity is the perimeter
not IP/subnet/location
never trust, always verify
authn + authz per request
the posture
assume breach
minimize blast radius
continuous verification
short-lived, re-checked trust
least privilege
only the declared access
The through-line: verified identity + least-privilege authorization on every connection, short-lived and continuously re-established.
Zero trust is an architecture, not a product
No single tool "makes you zero trust" — it is a set of principles you implement across identity, network, and policy. Beware vendors selling a box labeled zero trust; the work is issuing workload identity, segmenting by default-deny, and enforcing least-privilege authorization, rolled out in stages.