# Zero Trust Security
Zero Trust is a security model based on the principle "never trust, always verify." Traditional network security assumes everything inside the corporate perimeter is safe. Once you're on the VPN or in the office, you have broad access. Zero Trust rejects this assumption entirely: every request must be authenticated and authorized, regardless of where it originates.
The model treats all networks as hostile, including internal ones. Access decisions are made per-request based on identity, device health, context, and least-privilege policies. A user on a compromised device or unusual location might be denied access even with valid credentials. This approach limits lateral movement; if an attacker breaches one system, they can't easily pivot to others because each resource requires independent verification.
Implementation typically involves identity-aware proxies, micro-segmentation, continuous authentication, and device posture checks. Tools like [[Tailscale]], Cloudflare Access, and Google BeyondCorp embody these principles. The shift from perimeter-based to identity-based security reflects modern realities: remote work, cloud infrastructure, and BYOD make the traditional "castle and moat" approach obsolete.
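As an added illustration of the per-request decision described above (example code, not from any of the tools named here), a small policy evaluator: identity, device posture, location context and a least-privilege resource policy are all checked on every request, and the constructed samples show the same valid credentials being denied on an unhealthy device or from an unusual location. All names, fields and thresholds are assumptions.

```python
from dataclasses import dataclass
@dataclass
class Device:
    managed: bool        # enrolled in device management
    patch_age_days: int  # days since the last OS security update
    edr_healthy: bool    # endpoint agent reporting and not flagging compromise
@dataclass
class Request:
    user: str
    mfa_verified: bool   # password plus second factor for this session
    groups: set
    device: Device
    country: str         # where the request originates
    resource: str
    action: str
# Constructed least-privilege policy: resource -> (allowed groups, allowed actions)
POLICY = {"payroll-db": ({"finance"}, {"read"}), "wiki": ({"staff"}, {"read", "write"})}
# Constructed per-user baseline of usual countries for the context check
USUAL_COUNTRIES = {"alice": {"DE"}, "bob": {"US"}}
def posture_issues(d: Device) -> list:
    """Device health checks; an empty list means the device passes."""
    checks = [(d.managed, "device not managed"),
              (d.patch_age_days <= 30, "OS patches older than 30 days"),
              (d.edr_healthy, "endpoint agent unhealthy or flagging compromise")]
    return [msg for ok, msg in checks if not ok]
def evaluate(req: Request) -> tuple:
    """Decide one request. Every check runs, so the deny reasons are complete and
    no single factor, such as valid credentials, is sufficient on its own."""
    reasons = []
    if not req.mfa_verified:
        reasons.append("identity: MFA not verified")
    reasons += ["device: " + p for p in posture_issues(req.device)]
    if req.country not in USUAL_COUNTRIES.get(req.user, set()):
        reasons.append(f"context: unusual location {req.country}")
    groups, actions = POLICY.get(req.resource, (set(), set()))
    if not (req.groups & groups) or req.action not in actions:
        reasons.append(f"policy: {req.action} on {req.resource} not permitted")
    return (not reasons, reasons)

# Constructed sample requests: the same valid identity, different device and context
HEALTHY = Device(managed=True, patch_age_days=7, edr_healthy=True)
ALICE = dict(user="alice", mfa_verified=True, groups={"finance", "staff"})
SAMPLES = {
    "ok": Request(**ALICE, device=HEALTHY, country="DE", resource="payroll-db", action="read"),
    "compromised": Request(**ALICE, device=Device(True, 7, False), country="DE",
                           resource="payroll-db", action="read"),
    "travel_write": Request(**ALICE, device=HEALTHY, country="BR",
                            resource="payroll-db", action="write"),
}
```

Running `evaluate` over `SAMPLES` returns an allow for `ok` and a deny with the specific failing factors for the other two, which is the audit trail an identity-aware proxy would log.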
## Related
- [[Tailscale]]
- [[Self-hosting]]