The term ‘Zero Trust’ in the context of information systems refers to a conceptual approach to managing the security posture of a distributed information system. Before the widespread adoption of cloud-based technologies, organizations relied on internal processes and network segmentation to protect company information. As cloud adoption increased, data became spread across multiple organizations’ data centers, along with key security capabilities such as authentication or vulnerability management and reporting. The Zero Trust Architecture (ZTA) approach shifts from relying on the infrastructure to relying on identity, resource and location as the basis for providing security protections. Each component of the application, such as services, infrastructure, Application Programming Interfaces (APIs) and users, is authenticated. The figure below shows a potential solution in a cloud-native application architecture that can be spread across multiple vendors as well as internally developed software.
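As an added illustration (not code from the page or from the NIST paper it links), the following Python sketch shows the shift the paragraph describes: a small policy decision point that authorizes every request on the proven identity of the caller, the resource being accessed and the location the request comes from, and never on the request merely arriving from an "internal" network. The identities, resource names, locations and HMAC-based token scheme are all constructed for the demo; a real deployment would use mTLS certificates or signed JWTs for the identity proof.

```python
"""Minimal Zero Trust policy decision point (constructed demo, not a NIST reference model).

Every caller, whether a user, a service or an API client, must prove its identity,
and the decision is made on (identity, resource, action, location) rather than on
network position. A request from the office LAN with no valid token is denied just
like one from the public internet."""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

# Constructed shared secret for issuing/verifying identity tokens in this demo only.
SECRET = b"constructed-demo-secret"


@dataclass(frozen=True)
class Principal:
    identity: str   # e.g. user e-mail or service name
    kind: str       # "user", "service" or "api" (informational here)


@dataclass(frozen=True)
class Request:
    principal: Principal
    token: str      # proof of identity presented with the request
    resource: str   # the resource being accessed
    action: str     # "read" / "write"
    location: str   # where the request originates, e.g. "dc-east", "vendor-a", "office-lan"


# Constructed policy table: (identity, resource, action) -> locations allowed.
# Note that "office-lan" appears nowhere: being on the corporate network grants nothing.
POLICY: dict[tuple[str, str, str], frozenset[str]] = {
    ("alice@example.com", "orders-db", "read"): frozenset({"dc-east", "dc-west"}),
    ("billing-svc", "orders-api", "write"): frozenset({"dc-east"}),
    ("vendor-scanner", "vuln-report-api", "read"): frozenset({"vendor-a"}),
}


def issue_token(identity: str) -> str:
    """Issue an identity token (HMAC over the identity; stands in for a cert or JWT)."""
    return hmac.new(SECRET, identity.encode(), hashlib.sha256).hexdigest()


def authenticate(req: Request) -> bool:
    """Verify the presented token actually proves the claimed identity."""
    expected = issue_token(req.principal.identity)
    return hmac.compare_digest(expected, req.token)


def authorize(req: Request) -> tuple[bool, str]:
    """Decide a request on identity, resource and location; returns (allowed, reason)."""
    if not authenticate(req):
        return False, "identity not proven"
    rule = POLICY.get((req.principal.identity, req.resource, req.action))
    if rule is None:
        return False, "no policy for this identity/resource/action"
    if req.location not in rule:
        return False, f"location {req.location} not permitted for this access"
    return True, "allowed"


def demo() -> list[tuple[str, bool, str]]:
    """Run a few constructed requests through the decision point."""
    alice = Principal("alice@example.com", "user")
    billing = Principal("billing-svc", "service")
    cases = [
        ("user, valid token, allowed location",
         Request(alice, issue_token(alice.identity), "orders-db", "read", "dc-east")),
        ("user on office LAN without a valid token",
         Request(alice, "forged-or-missing", "orders-db", "read", "office-lan")),
        ("user with valid token but from an unlisted location",
         Request(alice, issue_token(alice.identity), "orders-db", "read", "office-lan")),
        ("service-to-service write within policy",
         Request(billing, issue_token(billing.identity), "orders-api", "write", "dc-east")),
        ("service asking for a resource it has no policy for",
         Request(billing, issue_token(billing.identity), "orders-db", "read", "dc-east")),
    ]
    return [(label, *authorize(r)) for label, r in cases]


if __name__ == "__main__":
    for label, allowed, reason in demo():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {label}: {reason}")
```

The design point is that the decision function never consults the network the request arrived on: the same identity with the same valid token is still denied from a location the policy does not list, and an unauthenticated request is denied even from the office LAN.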
URL: Zero Trust

A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments (nist.gov)