Security Foundations • 07 / 09

Trust Models: Trust but Verify vs. Zero Trust

Two contrasting philosophies for how organizations extend — or refuse to extend — trust to users, devices, and systems.

Traditional Model

Trust but Verify

"Extend trust, then monitor it"

Trust is extended to known entities — users, systems, devices — but their behavior is continuously monitored through logging, anomaly detection, and automated controls.

  • Logging & auditing provide the verification layer — security teams review logs to confirm normal behavior.
  • Automation is essential: IDS/IPS, proxies, and SIEM platforms handle what humans cannot review manually at scale.
  • Verification is real, but not exhaustive — reviewing every user action isn't feasible without automation.
  • Works reasonably well against external threats; less effective against insider threats where trust is already granted.

Modern Model

Zero Trust

"Never trust, always verify"

Treats trust itself as a vulnerability. No user, device, or system is implicitly trusted based on network location, ownership, or prior authentication.

  • Every access request requires explicit authentication and authorization — regardless of where it originates.
  • Being inside the corporate network grants no inherent trust. Lateral movement is aggressively restricted.
  • Particularly effective against insider threats and credential compromise — trust is never assumed, always earned.
  • If a breach occurs, blast radius is contained — attackers cannot freely move through a trusted internal network.

Zero Trust Origin

Coined by John Kindervag at Forrester Research in his 2010 report "No More Chewy Centers: Introducing the Zero Trust Model of Information Security."

NIST & Government Adoption

NIST published SP 800-207: Zero Trust Architecture as formal guidance. In 2021, Kindervag co-authored the U.S. President's NSTAC Zero Trust report, cementing it as federal security doctrine.

📌 Key Implementation — Microsegmentation
[Flow diagram] Host A → verify → ACL Check → enforce → Host B → verify → ACL Check → enforce → Resource → grant/deny

In a Zero Trust architecture, network segments can be as small as a single host. Every crossing between segments requires authentication, ACL checks, and policy enforcement. There is no free lateral movement — every hop is a checkpoint.
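
To make the per-hop checkpoint concrete, here is an added illustration (not part of the original slides) that walks the same lateral path, host A to host B to a resource, through both trust models. The host names, principals and ACL entries are constructed sample values, and the two decision functions are a deliberately simplified stand-in for a real policy engine.

```python
from dataclasses import dataclass

# One hop of an access path (constructed sample fields, not a real product schema).
@dataclass(frozen=True)
class Request:
    principal: str        # identity presented on this hop
    token_valid: bool     # authentication re-verified for this hop
    device_compliant: bool
    src: str              # originating host / segment
    dst: str              # target host or resource

# Constructed sample environment: hosts on the "internal" network and an explicit allow-list.
INTERNAL_HOSTS = {"host-a", "host-b"}
ACL = {
    ("alice", "host-a", "host-b"),           # alice may reach host-b from host-a
    ("svc-backup", "host-b", "file-share"),  # only the backup service reaches the share
}

def perimeter_decision(req):
    """Trust but verify: inside the network means trusted; the hop is only logged."""
    allowed = req.src in INTERNAL_HOSTS
    return allowed, f"log {req.principal} {req.src}->{req.dst}: {'allowed' if allowed else 'denied'}"

def zero_trust_decision(req):
    """Zero Trust: verify identity and device on every hop, then require an explicit ACL entry."""
    if not req.token_valid:
        return False, "deny: authentication not verified for this hop"
    if not req.device_compliant:
        return False, "deny: device posture non-compliant"
    if (req.principal, req.src, req.dst) not in ACL:
        return False, "deny: no ACL entry for this principal/source/destination"
    return True, "grant"

def walk_path(hops, decide):
    """Evaluate hops in order; stop at the first denial. Returns (reached, final_reason)."""
    reached = []
    for req in hops:
        allowed, reason = decide(req)
        if not allowed:
            return reached, reason
        reached.append(req.dst)
    return reached, "path completed"

# Constructed scenario: alice's credentials are reused from host-a to pivot via host-b to the share.
LATERAL_PATH = [
    Request("alice", True, True, "host-a", "host-b"),
    Request("alice", True, True, "host-b", "file-share"),
]
if __name__ == "__main__":  # stand-alone demo
    print("trust-but-verify:", walk_path(LATERAL_PATH, perimeter_decision))
    print("zero-trust:", walk_path(LATERAL_PATH, zero_trust_decision))
```

Under the perimeter model both hops succeed because the source is "inside"; under Zero Trust the second hop is denied at the ACL checkpoint even though the credential is valid, which is the blast-radius containment the text describes.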

Practitioner note: Zero Trust is an architectural philosophy, not a product you buy. It is applied incrementally — you don't rip out your existing controls and start fresh. There is a practical ceiling: applying Zero Trust too aggressively can impede business operations. But the principle should be stretched as far as operationally feasible.