Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
2.1.3. The Zero Trust Security Model
First Principle: Zero Trust assumes breach and verifies explicitly. Instead of trusting users because they're inside a network perimeter, every access request is fully authenticated, authorized, and encrypted regardless of origin.
Zero Trust Principles
- Verify explicitly: Always authenticate and authorize based on all available data points
- Use least privilege access: Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA)
- Assume breach: Minimize blast radius and segment access; verify end-to-end encryption
Visual: Zero Trust Defense Layers
Key Insight: Zero Trust requires verification at EVERY layer. A trusted identity on a compliant device still gets inspected at the network, application, and data layers. No single layer grants implicit trust to others.
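The following is an added example, not part of the original material: a minimal policy decision function that checks identity, device, network, application, and data signals on every request and never consults the request's network origin. The resource name, the sensitivity labels, and the per-action data policy are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    action: str
    data_label: str          # sensitivity of the data being touched
    mfa_passed: bool         # identity signal
    device_compliant: bool   # device signal
    tls: bool                # channel encrypted end to end
    on_corp_network: bool    # origin: recorded, deliberately never consulted

@dataclass(frozen=True)
class Grant:                 # JIT/JEA: one action on one resource, time-boxed
    user: str
    resource: str
    action: str
    expires: datetime

RANK = {"public": 0, "internal": 1, "confidential": 2}
MAX_LABEL = {"read": "confidential", "write": "internal"}  # assumed data policy

def evaluate(req, grants, now):
    """Check every layer on every request; return (allowed, deny_reasons)."""
    reasons = []
    if not req.mfa_passed:
        reasons.append("identity: MFA not satisfied")
    if not req.device_compliant:
        reasons.append("device: not compliant")
    if not req.tls:
        reasons.append("network: channel not encrypted")
    key = (req.user, req.resource, req.action)
    if not any((g.user, g.resource, g.action) == key and g.expires > now
               for g in grants):
        reasons.append("application: no unexpired grant for this action")
    if RANK[req.data_label] > RANK[MAX_LABEL.get(req.action, "public")]:
        reasons.append("data: label too sensitive for this action")
    return (not reasons, reasons)

# Constructed sample input (hypothetical user, resource and timestamps)
NOW = datetime(2026, 1, 1, 12, 0, tzinfo=timezone.utc)
GRANTS = [Grant("alice", "storage-a", "read", NOW + timedelta(hours=1))]
REMOTE = Request("alice", "storage-a", "read", "confidential",
                 mfa_passed=True, device_compliant=True, tls=True,
                 on_corp_network=False)
OFFICE_UNMANAGED = replace(REMOTE, on_corp_network=True, device_compliant=False)
print(evaluate(REMOTE, GRANTS, NOW), evaluate(OFFICE_UNMANAGED, GRANTS, NOW))
```

The remote request is allowed because every signal checks out, while the request from inside the corporate network is denied on device compliance alone: network location neither grants nor rescues access.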
Key Trade-Offs:
- Security vs. User Experience: More verification steps increase security but may frustrate users
- Granularity vs. Complexity: Fine-grained permissions improve security but increase management overhead
Reflection Question: Your organization currently trusts all traffic from the corporate network. How would implementing Zero Trust change your authentication and authorization approach for Azure resources?
Written by Alvin Varughese
Founder • 15 professional certifications