Zero-trust security means you shouldn't assume someone is trustworthy because they're inside your network. Therefore, zero-trust security is sometimes referred to as perimeterless security: you continuously authenticate and verify based on the situation. Cybersecurity measures aren't enough if malicious actors are already on your network. Tom Merritt shares five facts about zero-trust security that you should know to protect your organization's data.


Here are five things to know about zero-trust security.


1. Zero-trust security has been around for some time.


In 1994, Stephen Paul Marsh coined the term, which security analyst John Kindervag later popularized. Google first attempted a form of zero-trust security in 2009.

2. Zero-trust security requires a change in your work culture.


People used to log in to access whatever they wanted with a few broad permissions based on their level. With zero-trust security, you are restricted by task, not by the type of access. It doesn't have to be more challenging, but there will be a change that will cause many employees to wonder why they have to keep proving their identity. Leadership should explain its benefits to get peers on board with zero-trust security.

3. You will need to know the '5 Ws'.


You need to know what information must be protected, where access requests are coming from, who is asking for it, why they need it, and when they need it.


4. VPNs will not help you.


People tend to assume that perimeterless means remote access. That's not quite the case. A VPN is just another perimeter. VPNs are useless if the bad guys are inside them as well.


5. Continually monitor the situation. 


Keep an eye out for security holes. No system is perfect with perimeter security, and malicious behavior will occur. Analyze the root cause and share your findings whenever you find security flaws.