- See The Difference
- What is Zero Trust The strategy on which Zscaler was built
- How Zscaler Delivers Zero Trust A platform that enforces policy based on context
- Zero Trust Resources Learn its principles, benefits, strategies
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Customer Success Stories Hear first-hand transformation stories
- Analyst Recognition Industry experts weigh in on Zscaler
- See the Zscaler Cloud in Action Traffic processed, malware blocked, and more
- Experience the Difference Get started with zero trust
![Zscaler transformation]( "Zscaler transformation")
See how the Zero Trust Exchange can help you leverage cloud, mobility, AI, IoT, and OT technologies to become more agile and reduce risk
- Products & Solutions
- Secure Your Users Provide users with seamless, secure, reliable access to applications and data. Secure Your Workloads Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud. Secure Your OT and IoT Provide zero trust connectivity for OT and IoT devices and secure remote access to OT systems.
- Products Transform your organization with 100% cloud-native services
- Solutions Propel your business with zero trust solutions that secure and connect your resources
![Zscaler workplace enablement]( "Zscaler workplace enablement")
Make hybrid work possibleGet StartedSecure work from anywhere, protect data, and deliver the best experience possible for users
- Industries Our ecosystem of zero trust partners
- Partner Integrations Simplified deployment and management
![Zscaler industry partners]( "Zscaler industry partners")
Secure your ServiceNow DeploymentGet StartedIt’s time to protect your ServiceNow data better and respond to security incidents quicker
- Platform
- Platform Overview Unified platform for transformation
- Capabilities Integrated services, infinitely scalable
![Zscaler transformation]( "Zscaler transformation")
Accelerate your transformationLearn MoreProtect and empower your business by leveraging the platform, process and people skills to accelerate your zero trust initiatives
![Gartner Report]( "Gartner Report")
Gartner Magic Quadrant LeaderRead ReportZscaler: A Leader in the Gartner® Magic Quadrant™ for Security Service Edge (SSE) New Positioned Highest in the Ability to Execute
- Resources
- Content Library Explore topics that will inform your journey
- Blog Perspectives from technology and transformation leaders
- Security Assessment Toolkit Analyze your environment to see where you could be exposed
- Webinars and Demos A first-hand look into important topics
- Executive Insights App Security insights at your fingertips
- Ransomware ROI Calculator Assess the ROI of ransomware risk reduction
- Training and Certifications Engaging learning experiences, live training, and certifications
- Customer Success Center Quickly connect to resources to accelerate your transformation
- Customer Success Stories Hear first-hand transformation stories
![Customer success center]( "Customer success center")
- Security & Threat Analytics Threat dashboards, cloud activity, IoT, and more
- Security Advisories News about security events and protections
- Vulnerability Disclosure Program Webinars, training, demos, and more
- Trust Portal Zscaler cloud status and advisories
![Zscaler resources]( "Zscaler resources")
- Company
- About Zscaler How it began, where it’s going
- Leadership Meet our management team
- Investor Relations News, stock information, and quarterly reports
- Compliance Our adherence to rigorous standards
- ESG Our Environmental, Social, and Governance approach
- Events Upcoming opportunities to meet with Zscaler
- Zenith Ventures Strategic cybersecurity investments
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
- Media Center News, blogs, events, photos, logos, and other brand assets
- News and Press Zscaler in the news
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
- Partner Portal Tools and resources for Zscaler partners
- Summit Partner Program Collaborating to ensure customer success
- System Integrators Helping joint customers become cloud-first companies
- Service Providers Delivering an integrated platform of services
- Technology Deep integrations simplify cloud migration
- Partner Inquiry Become a Zscaler partner
![Careet at Zscaler]( "Careet at Zscaler")
Zscaler CareersApply NowJoin a recognized leader in Zero trust to help organization transform securely
-
What Is Zero Trust? Zero trust is a framework for securing organizations in the cloud and mobile world that asserts that no user or application should be trusted by default. Following a key zero trust principle, least-privileged access, trust is established based on context (e.g., user identity and location, the security posture of the endpoint, the app or service being requested) with policy checks at each step.
Zero Trust Architecture Explained
Zero trust is a cybersecurity strategy wherein security policy is applied based on context established through least-privileged access controls and strict user authentication—not assumed trust. A well-tuned zero trust architecture leads to simpler network infrastructure, a better user experience, and improved cyberthreat defense.
A zero trust architecture follows the maxim "never trust, always verify." This guiding principle has been in place since John Kindervag, then at Forrester Research, coined the term. A zero trust architecture enforces access policies based on context—including the user's role and location, their device, and the data they are requesting—to block inappropriate access and lateral movement throughout an environment.
Establishing a zero trust architecture requires visibility and control over the environment's users and traffic, including that which is encrypted; monitoring and verification of traffic between parts of the environment; and strong multifactor authentication (MFA) methods beyond passwords, such as biometrics or one-time codes.
Critically, in a zero trust architecture, a resource's network location isn't the biggest factor in its security posture anymore. Instead of rigid network segmentation, your data, workflows, services, and such are protected by software-defined microsegmentation, enabling you to keep them secure anywhere, whether in your data center or in distributed hybrid and multicloud environments.
Removing network location as a position of advantage eliminates excessive implicit trust, replacing it with explicit identity-based trust.
Gartner, Market Guide to Zero Trust Network Access, June 2020
How Does Zero Trust Security Work?
The core concept of zero trust is simple: assume everything is hostile by default. It's a major departure from the network security model built on the centralized data center and secure network perimeter—a model in use since the 1990s. These network architectures rely on approved IP addresses, ports, and protocols to establish access controls and validate what's trusted inside the network, generally including anybody connecting via remote access VPN.
In contrast, a zero trust approach treats all traffic, even if it's already inside the perimeter, as hostile. For example, workloads are blocked from communicating until they are validated by a set of attributes, such as a fingerprint or identity. Identity-based validation policies result in stronger security that travels with the workload wherever it communicates—in a public cloud, a hybrid environment, a container, or an on-premises network architecture.
Because protection is environment-agnostic, zero trust secures applications and services even if they communicate across network environments, requiring no architectural changes or policy updates. Zero trust securely connects users, devices, and applications using business policies over any network, enabling safe digital transformation.
Zero trust is being misused as a marketing term. Vendors are applying the term ‘Zero Trust’ to market everything in security, creating significant marketing confusion. Gartner, 2019
Core Principles of the Zero Trust Model
Zero trust is about more than user identity, segmentation, and secure access. It's a strategy upon which to build a cybersecurity ecosystem. At its core are three tenets:
- Terminate every connection: Technologies like firewalls use a “passthrough” approach, inspecting files as they are delivered. If a malicious file is detected, alerts are often too late. An effective zero trust solution terminates every connection to allow an inline proxy architecture to inspect all traffic, including encrypted traffic, in real time—before it reaches its destination—to prevent ransomware, malware, and more.
- Protect data using granular context-based policies: Zero trust policies verify access requests and rights based on context, including user identity, device, location, type of content, and the application being requested. Policies are adaptive, so user access privileges are continually reassessed as context changes.
- Reduce risk by eliminating the attack surface: With a zero trust approach, users connect directly to the apps and resources they need, never to networks (see ZTNA). Direct user-to-app and app-to-app connections eliminate the risk of lateral movement and prevent compromised devices from infecting other resources. Plus, users and apps are invisible to the internet, so they can’t be discovered or attacked.
Benefits of Choosing a Zero Trust Architecture
Today’s cloud environments can be attractive targets for cybercriminals aiming to steal, destroy, or ransom business-critical and sensitive data, such as personally identifiable information (PII), intellectual property (IP), and financial information.
While no security strategy is perfect and data breaches will never be totally eliminated, zero trust is among today's most effective strategies. Zero trust reduces the attack surface and mitigates the impact and severity of cyberattacks, reducing the time and cost of responding to and cleaning up after a breach.
Not to mention, a zero trust security model is the most effective means of cloud security there is. The ability to not trust any connection without proper verification is essential given the amount of cloud, endpoint, and data sprawl in today’s IT environments. Plus, the increase in visibility will make life much easier for IT and security from the administrator level all the way up to the CISO.
Use Cases of Zero Trust
1. Reduce Business and Organizational Risk
Zero trust solutions stop all applications and services from communicating until they are verified by their identity attributes—immutable properties that meet predefined trust principles, such as authentication and authorization requirements.
Zero trust, therefore, reduces risk because it uncovers what’s on the network and how those assets are communicating. As baselines are established, a zero trust strategy further reduces risk by eliminating overprovisioned software and services as well as continuously checking the “credentials” of every communicating asset.
2. Gain Access Control over Cloud and Container Environments
Access management and loss of visibility are security practitioners’ greatest fears about moving to the cloud. Despite enhancements in cloud service provider (CSP) security, workload security remains a shared responsibility between your organization and the CSP. That said, there's only so much you can affect inside the CSP’s cloud.
With a zero trust security architecture, security policies are applied based on the identity of communicating workloads and tied directly to the workloads themselves. This keeps security as close as possible to the assets that need protection, unaffected by network constructs like IP addresses, ports, and protocols. Protection travels with the workload and remains constant even as the environment changes.
3. Reduce the Risk of a Data Breach
Following the principle of least privilege, every entity is assumed hostile. Every request is inspected, users and devices are authenticated, and permissions are assessed before "trust" is granted. This "trust" is then continually reassessed as context changes, such as the user's location or the data being accessed.
Without trust, an attacker who gets inside your network or cloud instance through a compromised device or other vulnerability won't be able to access or steal your data. Moreover, because the zero trust model creates a "secure segment of one" with no way to move laterally, the attacker will have nowhere to go.
4. Support Compliance Initiatives
Zero trust shields all user and workload connections from the internet, so they can't be exposed or exploited. This invisibility makes it easier to demonstrate compliance with privacy standards and regulations (e.g., PCI DSS, NIST 800-207), and results in fewer findings during audits.
Implementing zero trust microsegmentation enables you to create perimeters around certain types of sensitive data (e.g., payment card data, data backups) using fine-grained controls to separate regulated and non-regulated data. During audits, or in the event of a data breach, microsegmentation provides superior visibility and control compared to the overprivileged access of many flat network architectures.
How to Get Started with Zero Trust
When designing a zero trust architecture, your security and IT teams should first focus on answering two questions:
- What are you trying to protect?
- From whom are you trying to protect it?
This strategy will inform the way you design your architecture. Following that, the most effective approach is to layer technologies and processes on top of your strategy, not the other way around.
In its zero trust network access (ZTNA) framework, Gartner recommends leveraging zero trust delivered as a service. You can also take a phased approach, starting with either your most critical assets or a test case of non-critical assets, before implementing zero trust more broadly. Whatever your starting point, an optimal zero trust solution will offer you immediate returns in risk reduction and security control.
Why Choose Zscaler as Your Zero Trust Solution?
Zscaler is the only cybersecurity vendor that offers a zero trust platform born in the cloud and designed for cloud organizations. What’s more, Zscaler is consistently nominated as a leader in the industry’s most prestigious analyst reports and rankings, and we have the backing of our innovative partners and customers to prove it.
All of this is made possible by our flagship platform: the Zscaler Zero Trust Exchange.
The Zscaler Zero Trust Exchange
The Zscaler Zero Trust Exchange™ is a cloud native platform built on zero trust. Based on the principle of least privilege, it establishes trust through context, such as a user’s location, their device’s security posture, the content being exchanged, and the application being requested. Once trust is established, your employees get fast, reliable connections—wherever they are—without ever being placed directly on your network.
The Zero Trust Exchange operates across 150 data centers worldwide, ensuring that the service is close to your users, colocated with the cloud providers and applications they are accessing. It guarantees the shortest path between your users and their destinations, providing comprehensive security and an amazing user experience.
Suggested Resources
-
Gartner Market Guide for Zero Trust Network Access
Read the report -
The Network Architect’s Guide to Adopting ZTNA
Read the guide -
Securing Cloud Transformation with a Zero Trust Approach
Read the white paper -
"Zero Trust" Is a Misnomer
Read the blog -
Zero Trust Security: 5 Reasons it’s Not About Firewalls and Passwords
Read the blog -
ZTNA technologies: What they are, why now, and how to choose
Read the blog