<aside> <img src="/icons/unlock-keyhole_gray.svg" alt="/icons/unlock-keyhole_gray.svg" width="40px" /> Zero Trust security means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network. Zero Trust demands verification for every device, user, and transaction within the network, regardless of its origin

</aside>

To create a zero trust architecture we use two different planes:

• Control Plane
  • Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies the policies related to user and system access within an organization
    • Control Plane typically encompasses several key elements:
      • Adaptive Identity
        • Relies on real-time validation that takes into account the user’s behavior, device, location, and more
      • Threat Scope Reduction
        • Limits the users’ access to only what they need for their work tasks because this reduces the network’s potential attack surface
      • Policy-Driven Access Control
        • Entails developing, managing, and enforcing user access policies based on their roles and responsibilities
      • Secured Zones
        • Isolated environments within a network that are designed to house sensitive data

• Data Plane
  • Ensures the policies are properly executed
  • Data plane consists of the following:
    • Subject/System
      • Refers to the individual or entity attempting to gain access
    • Policy Engine
      • Cross-references the access request with its predefined policies
    • Policy Administrator
      • Used to establish and manage the access policies
    • Policy Enforcement Point
      • Where the decision to grant or deny access is actually executed