Security

Zero Trust: A new approach to security for modern IT architectures

Felix Lange

16. Oct 2025 | 3 min.


Traditional IT security models are reaching their limits today. Employees work from anywhere, data is stored in the cloud, and applications are operated decentrally. Until now, IT security has been quite clearly defined: a firewall protected the company network like a castle wall. Anyone within these walls was considered trustworthy. This traditional principle is increasingly losing its validity. This is exactly where Zero Trust comes in.

What exactly does zero trust mean?

Zero trust is not a product, but rather a holistic security concept. The basic idea is radical, but very simple: ‘Never trust, always verify’. Instead of assuming that only trustworthy actors are within the network, zero trust treats every access as potentially risky. At its core is the assumption that the attacker is already in the network.

Before a connection is allowed, the user’s identity and authorisation to access the file or application are checked. This significantly reduces the risk of data misuse and lateral movement.


The central principles of the concept:

  • Least privilege: Each person receives only as many permissions as they actually need to perform their tasks.
  • Risk-based access control: Access depends on the context, e.g. device type, location, time of day or security status of the end device.
  • Dynamic access control: Each resource is protected by its own access decision rather than by a shared perimeter – every data point has its own ‘bodyguard’, so to speak.

This transforms a static security model into a dynamic system that can respond flexibly to new threats and shifts protection to where it is needed today: at the access point itself.

From perimeter to identity – a paradigm shift

Traditional IT security architectures are based on a fixed perimeter: a clear boundary separates the corporate network from the outside world. Employees working from mobile offices log in via a VPN. Often, a computer certificate on the device is sufficient to gain access to the entire internal network.

Zero Trust rethinks this approach. The focus is no longer on the network boundary, but on identities and context-based decisions: Who wants to access what? From which device? What is the security status of this device?

An example: A marketing employee logs in, the security platform checks their identity and device status, and decides that they can access marketing systems but not HR data. Every access is verifiable and traceable, regardless of whether it is from the office or from home. The result is a security concept that is highly flexible and fits seamlessly into hybrid working environments.
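The principles listed above (least privilege, risk-based and dynamic access control) and this marketing example can be expressed as a small policy decision point. The following is an added illustration, not Cisco's code; the roles, device fields and resource names are assumptions:

```python
from dataclasses import dataclass

# Constructed example (not Cisco's code): a minimal zero-trust policy decision
# point. Roles, device fields and resource names are assumptions.

@dataclass
class Device:
    managed: bool          # enrolled in device management
    disk_encrypted: bool
    patch_age_days: int    # days since last security patch
    location: str          # "office", "home" or "unknown"

@dataclass
class Request:
    user: str
    roles: set
    mfa_verified: bool
    device: Device
    resource: str          # e.g. "marketing-cms", "hr-payroll"

# Least privilege: each resource names the roles that genuinely need it.
RESOURCE_ROLES = {"marketing-cms": {"marketing"}, "hr-payroll": {"hr"}}
# Sensitive resources get stricter device and context checks.
SENSITIVE = {"hr-payroll"}

def device_posture(d: Device) -> str:
    """Classify device health as 'healthy', 'degraded' or 'noncompliant'."""
    if not d.managed or not d.disk_encrypted:
        return "noncompliant"
    if d.patch_age_days > 30:
        return "degraded"
    return "healthy"

def decide(req: Request) -> tuple:
    """Evaluate one access request; returns (verdict, reason)."""
    # 1. Identity: verify every request, never assume trust from the network.
    if not req.mfa_verified:
        return ("step-up", "MFA required before any access")
    # 2. Least privilege: the role must be explicitly entitled to the resource.
    if not (req.roles & RESOURCE_ROLES.get(req.resource, set())):
        return ("deny", f"no role entitled to {req.resource}")
    # 3. Context: device state and location are re-evaluated on each access.
    posture = device_posture(req.device)
    if posture == "noncompliant":
        return ("deny", "device unmanaged or unencrypted")
    if req.resource in SENSITIVE:
        if posture != "healthy":
            return ("deny", "sensitive data needs a fully patched device")
        if req.device.location == "unknown":
            return ("step-up", "sensitive access from unknown location")
    return ("allow", f"{req.user} may access {req.resource}")
```

Because the decision is recomputed per request, a device that falls out of compliance loses access on its next attempt without any change to the role model.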

Challenges and success factors in practice

Zero Trust requires a clear conceptual foundation and an understanding of how data, identities and IT systems interact within the company. It is about redefining trust, precisely modelling access rights and integrating security


In my view, the key success factors are:

  • Clear authorisation and role model:
    Who is allowed to access what – and why? These questions should be clearly documented and regularly reviewed.
  • Transparent communication and training:
    Employees need to understand why processes are changing. This is the only way to gain acceptance.
  • Automation and policy management:
    Where tickets were previously required for every change, automated policies and risk-based approvals now help to balance security and productivity.

How to successfully implement Zero Trust

The best way to implement Zero Trust is for companies to think holistically about the concept – as a long-term development of their security strategy. Those who opt for a clear architecture at an early stage reduce complexity and ensure a better user experience.

The key components of Zero Trust are:

  • Multi-factor authentication (MFA): Strengthens identity security.
  • Micro-segmentation: Divides networks into smaller, controllable areas.
  • Risk-based policies: Make access decisions dynamically, depending on the context.
  • Zero Trust Gateway: Controls and secures external access without the need for traditional VPN structures.

A practical example: Employees working from home access central applications via Cisco Secure Access. A separate, encrypted connection to the network is established for each application. The health of the devices is continuously monitored, yet the user experience remains as smooth as in the office.

Security and flexibility are therefore not mutually exclusive if the concept is properly planned and implemented.

Looking ahead – Universal ZTNA

IT security is constantly evolving, as are the threats on the other side. Modern solutions such as Universal ZTNA (Zero Trust Network Access) take the principle to the next level: they combine identity verification, policy control and network segmentation, and enforcement can be extended down to local firewalls. In combination with solutions such as Secure Access and Secure Firewall, this creates a consistent security architecture – from the end device to the data centre. The result: a uniform, scalable security model for the hybrid working environment.

Conclusion and outlook

Zero Trust has become an established concept in IT security in recent years. The Pentagon’s Zero Trust strategy from 2022 and the renewal of the strategy in September 2025 to version 2.0 have certainly had a significant influence on this.

This is how the zero trust concept moved out of its niche of many small point solutions and onto the big stage. By combining various security functions – such as reverse proxies with MFA and client patch status control – in a platform such as Cisco Secure Access, access can be easily and centrally controlled.

Earlier zero trust strategies, consisting of many small components from different providers, often failed due to excessive complexity and the resulting high costs. Today, this is no longer necessary. Instead, you can take advantage of the platform and leave the consolidation of individual security functions to an experienced provider.