Zero Trust Architecture (ZTA) is a trendy term touted by cybersecurity vendors, but there isn't a single ZTA solution. The architecture is composed of numerous components that, taken together, form a new paradigm for dealing with cybersecurity. That paradigm suits a modern world in which remote working and cloud environments mean corporate enterprises are no longer confined to a well-defined and trustworthy perimeter. For reference, the National Institute of Standards and Technology (NIST) has created a very detailed ZTA publication.
The concept of Zero Trust began as a response to trends such as bring your own device and cloud assets that are not located within an enterprise-owned boundary. ZTA moves defenses away from static, network-based perimeters to focus on users, assets and resources. No implicit trust is granted to assets or user accounts based solely on their physical location or asset ownership. Authentication and authorization are performed before a session to any enterprise resource is established, and the primary focus is on protecting resources (assets, services, workflows, accounts, etc.), not network segments.
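
The difference between the two models can be made concrete with an added example (not part of the original article or of the NIST publication): a Python comparison of a perimeter-style access decision with a per-session, per-resource decision. The network range, the grant table, the request fields and the sample requests are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample values, for illustration only.
CORPORATE_NET = ip_network("10.0.0.0/8")
# Hypothetical per-resource grants: resource -> users authorized for it.
GRANTS = {"payroll-db": {"alice"}, "wiki": {"alice", "bob"}}

@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool     # user proved their identity for this session
    source_ip: str          # where the request comes from
    enterprise_owned: bool  # device is a corporate asset
    resource: str           # the enterprise resource being requested

def perimeter_decision(req: Request) -> bool:
    """Legacy model: being inside the network boundary is treated as trust."""
    return ip_address(req.source_ip) in CORPORATE_NET

def zero_trust_decision(req: Request) -> tuple[bool, list[str]]:
    """Decide per session and per resource.

    source_ip and enterprise_owned are deliberately not grounds for access:
    neither location nor ownership grants trust on its own.
    """
    reasons = []
    if not req.authenticated:
        reasons.append("user not authenticated for this session")
    if req.user not in GRANTS.get(req.resource, set()):
        reasons.append(f"{req.user} is not authorized for {req.resource}")
    return (not reasons, reasons)

# Constructed requests showing where the two models disagree.
INSIDE_UNAUTHORIZED = Request("bob", False, "10.1.2.3", True, "payroll-db")
REMOTE_AUTHORIZED = Request("alice", True, "203.0.113.7", False, "payroll-db")

if __name__ == "__main__":
    for req in (INSIDE_UNAUTHORIZED, REMOTE_AUTHORIZED):
        allowed, reasons = zero_trust_decision(req)
        print(req.user, "perimeter:", perimeter_decision(req),
              "zero trust:", allowed, reasons)
```

The perimeter check admits the unauthenticated internal request and rejects the authorized remote one; the per-resource check reverses both outcomes.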