DevOps Dictionary

Zero Trust is a security approach that assumes no user, device, workload, or network location is trusted by default, so every request must be explicitly verified. It addresses the risk of “implicit trust,” where a stolen credential, compromised endpoint, or misconfigured service can move laterally to reach sensitive systems. At a high level, Zero Trust works by continuously authenticating identity, checking device and workload posture (basic health and risk signals), enforcing least-privilege access (only the minimum permissions needed), and isolating resources through segmentation so access is granted per request and per context.

With Zero Trust, access becomes policy-driven, auditable, and breach impact is contained; without it, a single foothold can expand quickly across environments and make incident response slower and less predictable. This gap exists because traditional perimeter models treat “inside the network” as safe, while modern systems span cloud, SaaS, and remote endpoints.