The ABC of Zero Trust

Rohit Talukdar
2 min readMay 22, 2023

--

“Zero trust” is a relatively newer concept in security. Traditionally, all traffic inside the network / premises was given a higher trust rating than traffic outside the network. With the advent of hybrid / remote workplace and BYOD(Bring-your-own-device) in the network, this assumption no longer holds true.

Credit: Song Artwork on Spotify

To easily remember the new tenets of security, there’s a simple ‘ABC’ mnemonic
A: Assume nothing

B: Believe No one

C: Check everything

The idea being that threats can now come from anywhere. Certain security philosophies also advocate assuming that the as the threat is ever-present, assume that the network may already be compromised. Therefore,

  1. microsegment networks
  2. authenticate every user
  3. assign roles on the basis of least privileges
  4. review every policy, especially the default policies(and think how you can exploit them if you wearing the hat of the attacker)
  5. log and audit everything
  6. leverage services already built with Zero Trust in mind.

--

--