Zero Trust is a cybersecurity model built on a single rule: trust nothing by default. Do not trust devices outside the network, do not trust devices already inside it, and verify every request.
Zero Trust security ensures that every user and device requesting access to the network is verified, and that once inside they receive only limited access, being selectively allowed to reach specific resources. Rather than granting implicit trust to a user or device based solely on its physical or network location, this model requires explicit authentication and authorization for each access. A Zero Trust security system therefore follows these steps:
- Verify the user: before entering the network, every user must be identified. To reach the highest possible level of security, a username and password are not enough: Zero Trust adds multi-factor authentication (MFA), combining something only the user knows with something the user has or is.
- Check the device: once verified, the user enrolls their device so that it, too, can be verified. Zero Trust security also checks that the device meets defined security requirements, for instance that its antivirus protection is up to date and actually working.
- Limit access: neither devices nor users normally get access to the whole network and all its resources. Reducing privileges in this way limits lateral movement inside the network, protecting large parts of it if a user or device is compromised. Zero Trust also requires specific authorization for business applications and restricts access to them, since they are risk factors in their own right.
- Analyze its effectiveness: Zero Trust continuously learns and adapts to improve its performance and level of protection. This analysis also allows unusual behavior to be recognized automatically, so that malicious activity is detected quickly.
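As an added example (not part of the original article), the four steps above can be expressed as a small policy decision point that evaluates every request in that order and fails closed, ignoring where the request comes from. The users, devices, policy table, behavioural baseline and request samples are constructed for illustration; the 7-day antivirus-signature limit, the "step-up on unusual access to a sensitive resource" rule and all names are assumptions, not a reference implementation.

```python
"""Toy Zero Trust policy decision point (PDP). Added example with constructed data."""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed directory: user -> roles (assumption, not real identities).
USERS = {"alice": {"finance"}, "bob": {"engineering"}}

# Constructed device inventory: enrollment record and posture facts per device.
DEVICES = {
    "lap-001": {"owner": "alice", "enrolled": True, "av_updated": date(2024, 3, 1), "disk_encrypted": True},
    "lap-002": {"owner": "bob",   "enrolled": True, "av_updated": date(2024, 3, 2), "disk_encrypted": True},
    "lap-003": {"owner": "alice", "enrolled": True, "av_updated": date(2024, 1, 5), "disk_encrypted": True},  # stale AV
    "lap-004": {"owner": "alice", "enrolled": True, "av_updated": date(2024, 3, 2), "disk_encrypted": True},  # never seen
}

# Per-resource allow list (least privilege): roles that may reach each resource.
POLICY = {
    "payroll-db":  {"roles": {"finance"},                "sensitive": True},
    "git-server":  {"roles": {"engineering"},            "sensitive": False},
    "wiki":        {"roles": {"finance", "engineering"}, "sensitive": False},
}

MAX_AV_AGE = timedelta(days=7)  # assumed compliance threshold


@dataclass
class Request:
    user: str
    mfa_verified: bool
    device_id: str
    resource: str
    source_ip: str  # logged for audit only; never used to grant access


@dataclass
class Decision:
    allowed: bool
    reason: str
    flags: list = field(default_factory=list)


class PolicyDecisionPoint:
    def __init__(self, today: date):
        self.today = today
        self.baseline = {}  # user -> set of devices seen on previously allowed requests

    def evaluate(self, req: Request) -> Decision:
        # Step 1: verify the user. A password alone (mfa_verified=False) is not enough.
        if req.user not in USERS:
            return Decision(False, "unknown_user")
        if not req.mfa_verified:
            return Decision(False, "mfa_required")

        # Step 2: check the device: enrolled, bound to this user, and compliant.
        dev = DEVICES.get(req.device_id)
        if dev is None or not dev["enrolled"] or dev["owner"] != req.user:
            return Decision(False, "device_not_enrolled")
        if not dev["disk_encrypted"] or self.today - dev["av_updated"] > MAX_AV_AGE:
            return Decision(False, "device_noncompliant")

        # Step 3: limit access per resource. source_ip is deliberately not consulted:
        # being "inside" the network grants nothing.
        res = POLICY.get(req.resource)
        if res is None or not (USERS[req.user] & res["roles"]):
            return Decision(False, "not_authorized")

        # Step 4: analyse behaviour against the learned baseline.
        flags = []
        known = self.baseline.setdefault(req.user, set())
        if known and req.device_id not in known:
            flags.append("new_device")
        if flags and res["sensitive"]:
            # Unusual access to a sensitive resource: deny and demand step-up
            # rather than silently allowing it.
            return Decision(False, "step_up_required", flags)
        known.add(req.device_id)  # only allowed requests extend the baseline
        return Decision(True, "allowed", flags)


def run_scenarios(today: date = date(2024, 3, 3)):
    """Evaluate constructed sample requests in order; returns (label, Decision) pairs."""
    pdp = PolicyDecisionPoint(today)
    scenarios = [
        ("finance user, MFA, compliant device, remote IP",   Request("alice", True,  "lap-001", "payroll-db", "203.0.113.7")),
        ("inside the LAN but no MFA",                         Request("bob",   False, "lap-002", "git-server", "10.0.0.5")),
        ("stale antivirus signatures",                        Request("alice", True,  "lap-003", "payroll-db", "10.0.0.9")),
        ("engineer reaching for payroll (lateral movement)",  Request("bob",   True,  "lap-002", "payroll-db", "10.0.0.5")),
        ("finance user from a device never seen before",      Request("alice", True,  "lap-004", "payroll-db", "203.0.113.7")),
        ("same new device, non-sensitive resource",           Request("alice", True,  "lap-004", "wiki",       "203.0.113.7")),
    ]
    return [(label, pdp.evaluate(r)) for label, r in scenarios]


if __name__ == "__main__":
    for label, d in run_scenarios():
        print(f"{'ALLOW' if d.allowed else 'DENY ':5} {d.reason:20} {d.flags} <- {label}")
```

The order of the checks is the point: the request from inside the LAN without MFA is refused before its device or role is even looked at, the engineer is stopped at the resource policy rather than by any network boundary, and the first access from an unfamiliar device is allowed for a low-value resource but turned into a step-up requirement for the sensitive one.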
What is the importance of Zero Trust security?
Today remote work is part of everyone's routine, BYOD (Bring Your Own Device, that is, using personal electronics for work) is increasingly common, and shadow IT together with greater use of cloud services forces every network to adapt its security model. These two quotes, both made in the last year, show the current status of Zero Trust security:
“A post-pandemic world requires organizations to adopt a Zero Trust system now more than ever. Zero Trust's growth this past year has been higher than 200%”, Forrester
“By 2022, 80% of new digital business applications will be accessed through zero trust network access (ZTNA), and by 2023, 60% of companies will phase out their virtual private network (VPN) remote access in favor of ZTNA”, Gartner
The use of Zero Trust is becoming a basic necessity; evolving cybersecurity paradigms have moved defenses from static, perimeter-based controls to controls centered on users, devices and resources. Network location is no longer considered the main component of the security posture; the security of a network is now obtained by protecting its resources. The solution is to follow a Zero Trust strategy by implementing Zero Trust Network Access (ZTNA), also known as a software-defined perimeter (SDP). This solution creates an overlay network that securely connects users and devices over the Internet to the servers and applications they need in the data center or public cloud.
The goal of the Zero Trust model is to provide complete visibility and control over the users and devices that have access to cloud data, services and applications (both managed apps within the enterprise ecosystem and unmanaged apps used by lines of business and individual users). Implementing this security model brings the following advantages:
- Efficient protection of remote user access, sensitive data and intellectual property against all kinds of attacks
- Reduced risk from outside and inside (malicious users, theft of user credentials, infiltration through enterprise applications), and smaller potential breaches and damage
- Strong authentication, required before any connection is established
- High control: effective governance of access to resources
- Faster transition to the cloud: direct access to multiple networks without hairpinning traffic through a central gateway
- Gives IT visibility into the risk in its access controls and can automatically identify the “needle in the haystack” of potential risk through abnormal behavior that would never be detected by manual forensic methods
- Requires less administration, fewer specialist skills and lower cost than a defense organized around silos or individual resources
- High compatibility with any app, protocol and device