Zero Trust

Zero Trust refers to a set of IT policies and a driving ethos for them that grants access to all systems and data in a granular fashion, refusing ever to completely "trust" a user, even after authentication and even when access origins lie inside the local network.

In practice, this means that virtually every significant workflow is protected at the outset by an authentication step, without regard for the location or presumed identity of the user.

From the user's perspective, it means that a large number of authentication steps may need to be completed over the course of a given work day, despite the fact that they are on company grounds and "already logged in" to local computing environment.

For these reasons, zero trust is a difficult attitude to successfully adopt, as it tends to alienate users and harm productivity. It is also something of a misleading term, since even if a user is forced to log in 48 times ove the course of an eight-hour workday (six times per hour), this likely leaves seven hours of non-authentication-flow time or more during which the identity of the user is still ultimately being "trusted."

The only true avenue for achiving zero trust that has been developed to date is continuous authentication of the kind provided, for example, by Plurilock DEFEND, which confirms a user's identity continuously, in real time, as they work.