2.8.2. Zero Trust and SASE

Zero Trust Architecture (ZTA): "Never trust, always verify." Assumes the network is compromised. Every access request—regardless of source location—is authenticated, authorized, and encrypted.

Core principles:

• Verify explicitly: Authenticate every request using all available data points (identity, device, location, behavior)
• Least privilege access: Grant minimum permissions necessary, just-in-time access
• Assume breach: Design as if attackers are already inside; segment, monitor, encrypt

SASE (Secure Access Service Edge) / SSE (Security Service Edge): Converges networking and security functions in the cloud. Instead of backhauling remote user traffic through headquarters for security inspection, security functions (firewall, CASB, DLP) run in cloud edge locations close to users.