Volume no :
9 |
Issue no :
02
Article Type :
Scholarly Article
Author :
S.T. Sawale, Harsh R. Borkar, Vaishnavi D. Mahalle, Ketan D. Dange Shaikh Abuzar Shaikh Afsar
Published Date :
June, 2025
Publisher :
Journal of Artificial Intelligence and Cyber Security (JAICS)
Page No: 1 - 7
Abstract : The Zero Trust security model is a cybersecurity framework based on the principle of "never trust, always verify." It assumes that threats can originate both outside and inside the network, so no entity—whether internal or external— should be trusted by default. Instead, verification is required for anyone seeking access to network resources. This model represents a significant shift in cybersecurity, focusing on stringent access controls and continuous verification to safeguard against modern cyber threats. Access to the network is granted only through thorough verification, adding an extra layer of security and making it a highly effective strategy against data breaches. Core components of Zero Trust include Multi Factor Authentication (MFA) and Identity and Access Management (IAM). The model adopts an inside-out approach, creating and managing firewalls and controlling access to the network in a more granular and secure manner.
Keyword Zero Trust, Cybersecurity, Multi-Factor Authentication, Identity and Access Management, Internal Threats.
Reference:

1) FireEye Mandiant M-Trends. 2022. Available  online: https://mandiant.widen.net/s/kxbbdppzzk/m-trends-2022-executive summary (accessed on 18 November 2023).

2) S. Northcutt, L. Zeltser, S. Winters, K. Kent, and R. W. Ritchey, Inside Network Perimeter  Security (Inside), 2nd ed. Indianapolis, IN, USA: Sams, 2005.

3) J. Kindervag, “No More Chewy Centers: Introducing the Zero Trust Model of Information  Security,” Forrester Research, Cambridge, MA, USA, 2010.

4) D. M. Rousseau, S. B. Sitkin, R. S. Burt, and C. Camerer, “Not so different after all: A cross discipline view of trust,” Acad. Manag. Rev., vol. 23, no. 3, pp. 393–404, 1998.

5) K. Govindan and P. Mohapatra, “Trust computations and trust dynamics in mobile adhoc  networks: A survey,” IEEE Commun. Surv. Tutorials, vol. 14, no. 2, pp. 279–298, 2011.

6) P. Mell and T. Grance, “The NIST Definition of Cloud Computing,” NIST Special Publication  800-145, 2011.

7) R. Chow et al., “Controlling data in the cloud: Outsourcing computation without  outsourcing control,” in Proc. ACM Cloud Comput. Secur. Workshop (CCSW), 2009, pp. 85– 90.

8) E. Yuan and J. Tong, “Attribute-based access control (ABAC) for web services,” in Proc.  IEEE Int. Conf. Web Serv. (ICWS), 2005, pp. 561–569.

9) S. Rose et al., “Zero Trust Architecture,” NIST Special Publication 800-207, 2020.

10) Google, “BeyondCorp: A new approach to enterprise security,” Google Cloud Whitepaper,  2014.