The zero-trust model
Never trust, always verify; assume breach.
Zero trust is a response to a simple, uncomfortable fact: the network perimeter has failed as a security boundary. This lesson establishes the principles that the rest of the course implements with concrete identity, mTLS, and policy technology.
Never trust, always verify
The perimeter model grants implicit trust to anything inside the firewall — so a single foothold reaches everything. Zero trust removes that implicit trust: every request is authenticated and authorized on its own merits, regardless of where it originates. Google’s BeyondCorp was the landmark implementation for users, eliminating the privileged corporate network so access depends on verified user and device identity rather than being "on the LAN". The same shift applies to workloads: a service proves who it is cryptographically, and the network location it happens to occupy grants it nothing.
# PERIMETER MODEL — trust by location:# inside the firewall → trusted → can reach anything# one compromised host → lateral movement to everything## ZERO TRUST — trust by verified identity, per request:# every call: authenticate identity + authorize (least privilege)# compromised workload → can reach only its few authorized destinations## The network grants NOTHING; identity + policy grant access.
Assume breach, verify continuously
Two principles follow. Assume breach: design as if attackers are already inside, so you minimize what any foothold can reach through least privilege and segmentation. And verify continuously: trust is not granted once at login and held forever, but re-established constantly with short-lived credentials and per-request checks. The new perimeter is identity — access decisions hinge on a verified, cryptographic workload or user identity, not an IP or subnet. Adopting this is a staged journey (identity first, then segmentation, then policy), not a product you buy or a switch you flip overnight.