What is Zero Trust Security?

Zero Trust security is a new strategy for keeping enterprise data secure, rooted in the idea that you can no longer rely on the network perimeter to assess trust. In a Zero Trust model, people are the new perimeter, and identity is the core of maintaining a secure environment.

An evolving landscape

Historically, organisations have kept their data secure through the use of firewalls and similar on-premises technologies. Everything within the network was considered trusted, while everything outside the network was considered untrusted.

This system worked fine for a while, but the rise of mobile and cloud adoption has drastically changed the access and security landscape. A recent report from McAfee found that 97% of organisations are using cloud services, which means that more people are accessing more resources from more locations and devices than ever before.

It’s not enough just for employees within your building to have secure data access. Mobile employees, customers, partners, and contractors from around the globe all need to access your organisation’s data. But they certainly can’t all access it from within your company’s on-prem network.

So what’s the solution?

Enter Zero Trust security

To enable these mobile and cloud experiences without compromising on security, organisations are moving away from the network perimeter-centric view of security. Instead, with users accessing resources from any location, device, or network, the common control point has shifted to the identity of the user.


This means that instead of viewing user security as two separate groups—trusted individuals, able to access everything inside an organisation, and untrusted individuals, kept on the outside—organisations are now taking a Zero Trust approach. They are no longer assuming that users should be trusted simply based on their network location; now all users must be verified before gaining access to corporate data.

Where to start with a Zero Trust model

Shifting to a Zero Trust security model requires organisations to focus resources on securely enabling access for all of the various users, regardless of their location, device, or network. To achieve this, IT needs full visibility and control over who needs access to what resources, and the extent of that access across the entire user lifecycle.

This is why many organisations are making modern identity and access management solutions the foundation of their Zero Trust strategy. As the leader in identity and access management, Okta enables organisations to securely embrace the rise of cloud and mobile adoption by moving away from a single perimeter, and evaluating the context of the user and device—before granting access.

Learn more

To learn more about Zero Trust security, check out this overview slide deck or the "Getting Started with Zero Trust" whitepaper. To see if Okta could be the right solution for implementing your Zero Trust security model, get a demo here.