ABSTRACT

This is an extensive review of the Zero Trust Framework and its important principles and concepts.

In reality, the concept of the Zero Trust Framework is nothing new. In fact, it dates back more than a decade, all the way to 2010. John Kindervag developed the philosophy that nothing should be trusted at all, in either the external or the internal environment of a company or, for that matter, any type of entity. The motto here was to get rid of all levels of trust, however slight they may be. The driving philosophy was to “never trust, but always verify, no matter how many times it has to be done”.

Although the concept of the Internet of Things (IoT) had not even been heard of at that time, people trying to access connected devices could not be trusted, and everybody had to go through the same regimen of verification. John Kindervag even related this concept to Joseph Stalin with his famous quote, “I trust no one, not even myself”. Eventually, he named his theory the Zero Trust Framework. As will be elaborated later in this chapter, the Zero Trust Framework is not a “one-size-fits-all” approach.

This means that whatever works for one entity regarding the Zero Trust Framework will not work for a different one. Rather, it is a methodology that has to be crafted and molded to the exact and unique security requirements of the company.