Kriativ-tech Volume 1, Issue 11, Edição Nº 11 – 4-12-2025
Authors
Sérgio Pinto, Invited Assistant Professor, ISTEC Lisboa - Instituto Superior de Tecnologias Avançadas Lisboa, Portugal
Abstract
The Zero Trust Architecture (ZTA) represents a significant paradigm shift in network security by moving away from the traditional perimeter-based model. Instead, it follows the principle of “never trust, always verify”, operating under the assumption that threats may originate both inside and outside the network. This shift requires rigorous verification of every user, device, and application requesting access to protected resources, regardless of their location. Consequently, the core elements of ZTA include strict identity verification and context control for every access request. Moreover, ZTA represents a transformative approach to addressing the limitations of traditional security frameworks. By emphasizing continuous authentication, least-privilege access, microsegmentation, and continuous monitoring, it establishes a robust foundation for protecting sensitive information in an increasingly complex threat landscape. As cyber risks evolve, adopting Zero Trust principles will be critical for organizations seeking to safeguard digital assets while ensuring that trust is never assumed but always verified.
Keywords
Cybersecurity, Zero Trust, “Verify, Control and Enforce”, Authentication, Least Privilege, Monitoring, Segmentation.
References
[1] N. Howe, S. Ganguli, and G. Festa, Seven Elements of Highly Successful Zero Trust Architecture: An Architect’s Guide to the Zscaler Zero Trust Exchange. Zscaler, 2024. [Online]. Available: https://info.zscaler.com/resources-ebooks-seven-elements-of-highly-successful-zta[2] E. Ok, J. Willams, and J. Nicee, “Understanding Zero Trust Architecture,” 2025. [Online]. Available: https://www.researchgate.net/publication/389713227_Understanding_Zero_Trust_Architecture[3] O. E. Ejiofor, O. Olusoga, and A. Akinsola, “Zero Trust Architecture: A Paradigm Shift in Network Security,” Computer Science & IT Research Journal, Apr. 2025. [Online]. Available: https://www.researchgate.net/publication/390558157_Zero_trust_architecture_A_paradigm_shift_in_network_security[4] O. Christopher, T. Tenebe, E. Etu, A. Ayuwu, J. Emakhu, and S. Adebiyi, “Zero Trust Architecture: Trend and Impact on Information Security,” International Journal of Emerging Technology and Advanced Engineering, 2022. [Online]. Available: https://www.researchgate.net/publication/361758378_Zero_Trust_Architecture_Trend_and_Impact_on_Information_Security[5] National Institute of Standards and Technology (NIST), Zero Trust Architecture, NIST Special Publication 800-207, 2020. [Online]. Available: https://csrc.nist.gov/pubs/sp/800/207/final[6] J. Keshav, “Zero-Trust Security Models Overview,” 2023. [Online]. Available: https://www.researchgate.net/publication/377247838_Zero-Trust_Security_Models_Overview[7] D. Holmes, “The Definition of Modern Zero Trust,” Forrester, 2022. [Online]. Available: https://www.forrester.com/blogs/the-definition-of-modern-zero-trust/[8] J. Hietala, “Zero-Trust Architecture: Why Trusting No One Is a Smart Way to Protect Your IT Infrastructure,” Red Hat, 2022. [Online]. Available: https://www.redhat.com/architect/zero-trust-architecture[9] Zscaler site, available: https://www.zscaler.com/resources/security-terms-glossary/what-is-zero-trust-architecture[10] Cloudflare site, available: https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/[11] Crowdstrike site, available: https://www.crowdstrike.com/en-us/cybersecurity-101/zero-trust-security/zero-trust-architecture/VI AbbreviationsAI: Artificial IntelligenceDDoS: Distributed Denial of ServiceIdP: Identity ProviderIAM: Identity and Access ManagementIoT: Internet of ThingsOT: Operational TechnologyNIST National Institute of Standards and TechnologySSL/TLS:Secure Socket Layer / Transport Layer SecurityVM: Virtual MachineZT: Zero TrustZTA: Zero Trust Architecture