What is Zero Trust?

Zero Trust is a paradigm in which trust is not granted based on factors like device ownership or location within or outside of a network. A convincing phishing attempt might utilize weak or reused credentials to gain control of the email account of an employee. That employee's account then requests access or information from a coworker, who may trust that the request is valid without questioning if it's really the presumed account holder who is sending the emails. Alternatively, a network may treat devices within a local network as inherently trustworthy, allowing attackers to move laterally, uninhibited after an initial network intrusion is successful. Zero Trust is akin to a philosophy of "trust but verify," where the organization adopts a security posture in which access to resources is minimized, and access permissions are contingent upon continuously authenticating and authorizing each request for access. Token's 5FA approach is rooted in this way of thinking and will bolster the security of any organization interested in a Zero Trust approach.