# Zero Trust Architecture

## ⚡*<mark style="color:purple;">Responsible</mark>* AI. Transparent.

{% content-ref url="../active-development/human-in-the-loop" %}
[human-in-the-loop](https://docs.lisaiceland.com/platform+/active-development/human-in-the-loop)
{% endcontent-ref %}

{% content-ref url="../active-development/advanced-agent-verifier" %}
[advanced-agent-verifier](https://docs.lisaiceland.com/platform+/active-development/advanced-agent-verifier)
{% endcontent-ref %}

{% content-ref url="../../smarter-ai-learn-more/ai-safety+/bias-protections" %}
[bias-protections](https://docs.lisaiceland.com/smarter-ai-learn-more/ai-safety+/bias-protections)
{% endcontent-ref %}

{% content-ref url="../../smarter-ai-learn-more/ai-safety+/guardrails+/ai-safety-guardrails" %}
[ai-safety-guardrails](https://docs.lisaiceland.com/smarter-ai-learn-more/ai-safety+/guardrails+/ai-safety-guardrails)
{% endcontent-ref %}

{% content-ref url="../../privacy+/hipaa-or-soc2-or-pci/hipaa" %}
[hipaa](https://docs.lisaiceland.com/privacy+/hipaa-or-soc2-or-pci/hipaa)
{% endcontent-ref %}

{% content-ref url="../../privacy+/hipaa-or-soc2-or-pci/pci-dss" %}
[pci-dss](https://docs.lisaiceland.com/privacy+/hipaa-or-soc2-or-pci/pci-dss)
{% endcontent-ref %}

{% content-ref url="../../privacy+/hipaa-or-soc2-or-pci/soc-2-type-ii" %}
[soc-2-type-ii](https://docs.lisaiceland.com/privacy+/hipaa-or-soc2-or-pci/soc-2-type-ii)
{% endcontent-ref %}

## ⚡What is it?

> ### Zero Trust is a modern cybersecurity strategy based on "*<mark style="color:purple;">never trust, always verify</mark>*": it assumes no user or device is inherently safe, even inside the network. Also known as end-to-end "[*<mark style="color:purple;">perimeterless</mark>*](https://en.wikipedia.org/wiki/Zero_trust_architecture)" security architecture, it requires strict identity verification, least-privilege access, and continuous validation for every resource request, moving from location-based trust to identity-centric security for complex cloud environments.

## ⚡Approach

> ### By microsegmenting networks and strictly controlling data access, this approach prevents attackers from moving laterally and significantly reduces the impact of a breach.

### Core Principles

* **Verify Explicitly**
  * Always authenticate and authorize based on all available data points (identity, location, device health).
* **Least Privilege Access**
  * Grant just enough access (Just-In-Time/Just-Enough-Access) for a specific task, not broad network access.
* **Assume Breach**
  * Design systems assuming attackers are already present, minimizing their ability to move around.

### Key Components & Technologies

* **Identity & Access Management (IAM):**
  * Strong multi-factor authentication (MFA) for users and devices.
* **Device Compliance**
  * Checking device health (patching, malware) before granting access.
* **Microsegmentation**
  * Dividing networks into small zones to contain breaches.
* **Zero Trust Network Access (ZTNA)**
  * Securely connecting users to specific apps, not the entire network.
* **Continuous Monitoring**
  * Constantly inspecting and logging traffic for anomalies.
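The core principles and key components above come together in a policy decision point. The following is an added example written for this page, not code from the Lisa Iceland platform: a small Python policy engine that evaluates every access request from scratch against identity (MFA), role, location, and device health, grants time-bounded access to one named application rather than the network, treats expired grants as invalid until re-evaluated, and logs every allow and deny. All names in it (`AccessRequest`, `evaluate`, `APP_POLICY`, the thresholds, the sample users and devices) are assumptions constructed for the illustration.

```python
"""Minimal Zero Trust policy decision point (illustrative example, not a product implementation).

Every request is evaluated against all available signals (verify explicitly), a grant is
scoped to one application and expires (least privilege, Just-In-Time), an expired grant is
not honoured (continuous validation), and every decision is logged (continuous monitoring).
"""
from dataclasses import dataclass, field, replace
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed per-application policy table: which roles may reach which app, whether a managed
# device is required, and how long a Just-In-Time grant lasts. Access is always to a named
# app; nothing in this table grants "the network".
APP_POLICY = {
    "payroll": {"roles": {"finance"}, "require_managed_device": True, "ttl_minutes": 30},
    "wiki": {"roles": {"finance", "engineering"}, "require_managed_device": False, "ttl_minutes": 480},
}
MAX_PATCH_AGE_DAYS = 30           # device compliance threshold (assumed)
ALLOWED_COUNTRIES = {"US", "IS"}  # location signal (assumed)


@dataclass(frozen=True)
class Device:
    managed: bool
    last_patched: datetime
    malware_detected: bool


@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: frozenset
    mfa_verified: bool
    country: str
    device: Device
    app: str
    now: datetime


@dataclass
class Decision:
    allowed: bool = False
    expires_at: Optional[datetime] = None
    reasons: list = field(default_factory=list)


def evaluate(req: AccessRequest) -> Decision:
    """Default deny: every signal is checked on every request, and any failing signal denies."""
    d = Decision()
    policy = APP_POLICY.get(req.app)
    if policy is None:
        d.reasons.append(f"unknown app {req.app!r}")
        return d
    if not req.mfa_verified:                                          # identity: strong auth
        d.reasons.append("mfa not verified")
    if not (req.roles & policy["roles"]):                             # authorization, per app
        d.reasons.append(f"no role authorised for {req.app!r}")
    if req.country not in ALLOWED_COUNTRIES:                          # location signal
        d.reasons.append(f"country {req.country!r} not allowed")
    if policy["require_managed_device"] and not req.device.managed:   # device compliance
        d.reasons.append("unmanaged device")
    if req.device.malware_detected:
        d.reasons.append("malware detected on device")
    if req.now - req.device.last_patched > timedelta(days=MAX_PATCH_AGE_DAYS):
        d.reasons.append("device patch level stale")
    if d.reasons:
        return d
    d.allowed = True
    d.expires_at = req.now + timedelta(minutes=policy["ttl_minutes"])   # JIT: the grant expires
    d.reasons.append(f"granted {req.app!r} until {d.expires_at.isoformat()}")
    return d


def grant_is_valid(decision: Decision, now: datetime) -> bool:
    """Continuous validation: a grant is usable only until it expires; after that the
    client must be re-evaluated rather than inheriting the earlier decision."""
    return decision.allowed and decision.expires_at is not None and now < decision.expires_at


def audit_line(req: AccessRequest, decision: Decision) -> str:
    """Continuous monitoring: every allow and deny is logged together with its signals."""
    verdict = "ALLOW" if decision.allowed else "DENY"
    return (f"{req.now.isoformat()} user={req.user} app={req.app} country={req.country} "
            f"mfa={req.mfa_verified} managed={req.device.managed} decision={verdict} "
            f"reasons={'; '.join(decision.reasons)}")


# Constructed sample inputs for the example (not real users or devices).
NOW = datetime(2025, 1, 15, 9, 0, tzinfo=timezone.utc)
HEALTHY_DEVICE = Device(managed=True, last_patched=NOW - timedelta(days=3), malware_detected=False)
STALE_DEVICE = Device(managed=True, last_patched=NOW - timedelta(days=45), malware_detected=False)
UNMANAGED_DEVICE = Device(managed=False, last_patched=NOW - timedelta(days=1), malware_detected=False)


def sample_request(**overrides) -> AccessRequest:
    """A finance user on a healthy managed device asking for the payroll app; overrides vary it."""
    base = AccessRequest(user="alice@example.com", roles=frozenset({"finance"}), mfa_verified=True,
                         country="US", device=HEALTHY_DEVICE, app="payroll", now=NOW)
    return replace(base, **overrides)


if __name__ == "__main__":
    for req in (sample_request(),
                sample_request(mfa_verified=False),
                sample_request(device=STALE_DEVICE),
                sample_request(roles=frozenset({"engineering"}), app="wiki", device=UNMANAGED_DEVICE)):
        print(audit_line(req, evaluate(req)))
```

Two design choices carry the Zero Trust point: the engine collects every failing signal instead of stopping at the first, so the audit line shows the full picture of why a request was denied, and a successful decision is never a session that persists; it is a grant to one application with an expiry, after which `grant_is_valid` returns false and the request must be evaluated again with fresh signals.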

### Why It Matters

* **Secures Modern Work**
  * Protects remote workers, cloud apps, and IoT devices, unlike traditional perimeter security.
* **Reduces Breach Impact**
  * Limits lateral movement, shrinking the "blast radius" of an attack.
* **Meets Compliance**
  * Aligns with new regulations, like the U.S. federal mandate for Zero Trust.

## ⚡Summary

> ### Zero Trust shifts security from protecting the network perimeter to protecting individual resources, treating every access attempt with suspicion until proven legitimate.
