Le zero trust (zero confidence, in French) is a a security strategy that stipulates that no entity (user, application, service or device) should be considered reliable by defaulteven if it is inside the organisation's network.
"Zero Trust is a bit like an ultra-secure guard at the gates of your digital business. Instead of letting everyone in, it scrupulously checks every identity and every access request. It's time-consuming, but it avoids unpleasant surprises."
In practice, this means that:
- Each access is checked individually: Before authorising access to a system or data, the identity of the user, the status of the device and the context of the request are rigorously checked.
- Access is limited to what is strictly necessary: The privileges granted are as restricted as possible, in order to limit the damage in the event of a compromise.
- The network is segmented: The network is divided into several security zones, limiting the spread of any attack.