Zero Trust is a business-driven, strategic approach to securing your most critical data, applications, assets, and services (DAAS) as well as your users based on what is important to your particular business, in a protect surface. Zero Trust strategy is infrastructure-neutral, so you can apply it all physical and virtual locations—network, public cloud, private cloud, and endpoint. The concept behind Zero Trust is simple: trust is a vulnerability. Trust nothing in the digital environment—packets, identities, devices, or services—and verify everything. There is no such thing as default trust.

Implementing the strategy is not something you do once and cookie-cutter copy from network to network because each environment and protect surface is different; and as businesses change over time, the goal and DAAS elements also change. Strategy is business-specific and security strategy is specific to protecting what’s important to your particular business.

The goal of Zero Trust strategy is to eliminate trust from the network. Eliminating trust helps prevent successful data breaches, simplifies operations through automation and a reduced rulebase, and simplifies regulatory compliance and audits because Zero Trust environments are designed for compliance and easy auditing.