Attacks are more frequent, more sophisticated, and more successful, requiring organizations today to shift security strategies to more secure models that take the most restrictive of stances when it comes to providing access. While the concept of zero-trust security has many IT organizations thinking in terms of identity and cloud services, zero trust must run on a solid foundation. We should start by talking about the goals of zero-trust security. Zero trust involves creating an environment where each access request is first scrutinized to determine whether it should be allowed. This “never trust, always verify” method of access is a bit like passport control when entering a country—the default answer is no, but if you pass the system of checks, you’re allowed in. Organizations us ...