Cybersecurity Glossary

What is Zero Trust?

Zero Trust is a security model that assumes no user, device, or network request is trustworthy by default. Every access attempt is verified based on identity, device posture, and context before being granted, even for users already inside the network perimeter.

Blocks 99% of password attacks
Required by most cyber insurance
Core to SOC 2, HIPAA, PCI
How It Works

How Zero Trust works

Three-step view of how it operates in practice.

1. Identify: Every request is tied to a verified user identity. No shared accounts, no anonymous access.

2. Evaluate: Before granting access, the system checks device health, location, time of day, and the sensitivity of the resource being requested.

3. Enforce: If risk signals look unusual, the request is challenged with additional verification or denied entirely. Access is time-limited.
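
The three steps above, written as a small policy decision function. This is an added example, not code from the original page or from any vendor product; the `Request` fields, the usual-country table, the working hours and the grant lifetimes are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed policy data: every name, threshold and TTL here is an assumption.
USUAL_COUNTRIES = {"alice": {"US"}, "bob": {"US", "CA"}}
WORK_HOURS = range(7, 20)                      # local hours treated as normal
GRANT_TTL = {"low": timedelta(hours=8), "high": timedelta(minutes=15)}

@dataclass(frozen=True)
class Request:
    user: Optional[str]       # identity verified by the IdP; None if anonymous
    shared_account: bool
    device_healthy: bool      # e.g. managed, patched, disk encrypted
    country: str
    when: datetime            # request time in the user's local time
    sensitivity: str          # "low" or "high"
    mfa_passed: bool = False  # True once the extra verification succeeded

@dataclass(frozen=True)
class Decision:
    action: str                    # "allow", "challenge" or "deny"
    reasons: tuple
    expires: Optional[datetime] = None

def decide(req: Request) -> Decision:
    # 1. Identify: refuse anything not tied to one verified person.
    if req.user is None or req.shared_account:
        return Decision("deny", ("no verified individual identity",))
    # 2. Evaluate: collect risk signals from device, location and time.
    signals = []
    if not req.device_healthy:
        signals.append("unhealthy device")
    if req.country not in USUAL_COUNTRIES.get(req.user, set()):
        signals.append("unusual location")
    if req.when.hour not in WORK_HOURS:
        signals.append("outside usual hours")
    # 3. Enforce: deny, challenge, or allow with a short-lived grant.
    high = req.sensitivity == "high"
    if len(signals) >= 2 or (high and not req.device_healthy):
        return Decision("deny", tuple(signals))
    if (signals or high) and not req.mfa_passed:
        return Decision("challenge", tuple(signals) or ("sensitive resource",))
    return Decision("allow", tuple(signals), req.when + GRANT_TTL[req.sensitivity])
```

A caller that receives `challenge` re-submits the same request with `mfa_passed=True` after the additional verification succeeds, and must re-evaluate once `expires` has passed.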

Zero Trust Variants

The pillars of a Zero Trust program

A clear breakdown of the common variants.

Core

Verify identity

MFA on every account, conditional access policies, no shared credentials.

Most common

Verify device

Time-based one-time codes from an app like Microsoft Authenticator or Google Authenticator. Offline-capable and phishing-resistant against many attacks.

Convenient

Least-privilege access

The user approves a sign-in with a tap on their phone. Easy to use but vulnerable to MFA fatigue attacks — always pair with number matching.

Strongest

Monitor continuously

FIDO2 keys like YubiKey, or device-bound passkeys. Phishing-resistant by design — the key will not authenticate against a fake domain.

Why It Matters

Why Zero Trust matters for SMBs

Zero Trust is a security model that assumes no user, device, or network request is trustworthy by default.

83% of organizations experienced more than one identity-related breach (Source: Identity Defined Security Alliance, 2024)
Pitfalls

Common Zero Trust mistakes

  • Treating Zero Trust as a product: Zero Trust is a strategy, not a SKU. No single vendor gives you Zero Trust out of the box.
  • Skipping device posture: Admins, finance, and anyone with access to money or sensitive data should use an app or hardware key — never SMS alone.
  • Ignoring service and admin accounts: Attackers go for service accounts and privileged roles. These need the same scrutiny as end-user accounts.
  • Rolling out all at once: Start with identity and the highest-risk applications. Expand in phases — big-bang rollouts stall.
Common Questions

Zero Trust frequently asked questions

No. SMBs benefit more because they usually have flat networks, overlapping permissions, and less mature monitoring. Cloud-native tools make Zero Trust achievable without an enterprise budget.
A VPN puts users inside the network perimeter, then trusts them implicitly. Zero Trust verifies every request individually, whether the user is remote or in the office, and gives access only to specific resources.
A phased identity and device baseline can be in place in 60-90 days. Full Zero Trust coverage across apps, data, and networks is a multi-quarter program, not a project.
No. Firewalls still matter for network segmentation and traffic inspection. Zero Trust extends protection to the identity and application layers, where most breaches start.
Have a documented recovery process before it happens. Typically an administrator verifies the user's identity through an out-of-band channel, temporarily disables MFA, and re-enrolls the user with a new device. Backup codes or a secondary security key reduce downtime.