Zero Trust has been around for ten years. There are numerous posts and definitions if you google it. After digesting the perspectives of Kindervag, CSA, Gartner, and NIST, Access Control 2.0 is the most effective term I can think of to convey the idea of Zero Trust.
Access Control 2.0
Zero Trust is a cybersecurity paradigm for access control that is data-centric, fine-grained, and dynamic, with visibility.
- Software-defined perimeter over network perimeter.
- Data-centric micro-segments over network-based segments.
- Identity-based context and attribute-based access control for fine-grained control and policy dynamics.
- Logging and observing for visibility.
- Compliance with need-to-know, least privilege, and complete mediation.
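
To make the list concrete, here is a small policy decision and enforcement sketch. It is an added example, not code from the original post; the `Request`, `POLICY`, `decide` and `read_resource` names, the attribute keys and the sample rules are all hypothetical. Rules are keyed on identity and data attributes rather than network location, the decision is recomputed from the current context on every request, anything unmatched is denied, and every decision is logged.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    subject: dict    # identity attributes, e.g. {"id": "alice", "role": "analyst"}
    resource: dict   # data attributes, e.g. {"id": "payroll.csv", "label": "confidential"}
    action: str
    context: dict    # dynamic session signals, e.g. {"mfa": True, "device_compliant": True}

# Constructed sample policy: each rule grants one action on one data label
# to one role, and only while the listed context conditions hold.
POLICY = [
    {"role": "analyst", "label": "confidential", "action": "read",
     "require": {"mfa": True, "device_compliant": True}},
    {"role": "analyst", "label": "public", "action": "read", "require": {}},
]

AUDIT_LOG = []  # visibility: every decision is recorded, allow or deny

def decide(req: Request) -> bool:
    """Decision point: default deny, evaluated on every request."""
    allowed = False
    for rule in POLICY:
        if (rule["role"] == req.subject.get("role")
                and rule["label"] == req.resource.get("label")
                and rule["action"] == req.action
                and all(req.context.get(k) == v
                        for k, v in rule["require"].items())):
            allowed = True
            break
    AUDIT_LOG.append({"subject": req.subject.get("id"),
                      "resource": req.resource.get("id"),
                      "action": req.action,
                      "context": dict(req.context),
                      "allowed": allowed})
    return allowed

def read_resource(req: Request, store: dict) -> str:
    """Enforcement point: the only path to the data, so no read skips decide()."""
    if not decide(req):
        raise PermissionError(
            f"denied: {req.subject.get('id')} {req.action} {req.resource.get('id')}")
    return store[req.resource["id"]]
```

The same subject reading the same file is allowed or denied depending only on the context supplied with that request, which is the "policy dynamics" point in the list.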