Zero Trust is a strategic initiative in cybersecurity that eliminates the concept of trust from an organization's network architecture. Instead of assuming everything inside the corporate firewall is safe, the Zero Trust model assumes breach and verifies every request as though it originates from an open network. It operates on the principle of 'never trust, always verify.'
The term 'Zero Trust' was coined by John Kindervag at Forrester Research in 2010. The concept evolved from earlier work on 'de-perimeterization' by the Jericho Forum in the early 2000s. Google's implementation of BeyondCorp after the 2009 Aurora attacks was a major real-world validation of the model.
Zero Trust has become the industry standard for modern cybersecurity, especially with the rise of cloud computing and remote work. Major organizations and government agencies (including the US Federal Government) are mandating Zero Trust architectures. It relies on technologies like multi-factor authentication, identity and access management (IAM), and micro-segmentation.