What Is Zero Trust? The Security Model Built for Today's Threat Landscape

What is Zero Trust, exactly? It is a cybersecurity approach built on the idea that no entity, inside or outside a network, should be automatically trusted. The phrase "never trust, always verify" captures the core logic: every access request must be authenticated, authorized, and continuously validated before it is permitted.

The Zero Trust security model was formalized by analyst John Kindervag at Forrester Research in 2010. NIST SP 800-207, published in August 2020, defines Zero Trust architecture as a set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.¹ CISA's Zero Trust Maturity Model (ZTMM) 2.0 builds on that foundation with five enforcement pillars: Identity, Devices, Networks, Applications and Workloads, and Data.²

The difference from traditional security is straightforward. Legacy models drew a perimeter around the corporate network and assumed everything inside was safe. Zero Trust security throws out that assumption entirely. The Zero Trust security model shifts focus from "is this inside the network?" to "can this identity be verified right now?"

Traditional network security models were designed for a world that no longer exists. Employees worked in offices, applications ran in on-premises data centers, and a firewall at the edge was enough.

Cloud computing, remote workers, and AI workloads changed all of that. Today, sensitive data moves across multiple cloud environments, containerized workloads spin up and disappear in seconds, and third-party software components connect directly into production systems. The perimeter is effectively gone.

Once an attacker gets through a perimeter, nothing in a legacy architecture stops them from moving freely. Supply chain attacks exploit exactly this gap. A compromised dependency can land inside a "trusted" environment and exfiltrate credentials before any alert fires.

The March 2026 LiteLLM attack made this concrete. Threat group TeamPCP pushed malicious versions of a Python library used in roughly 36% of cloud environments, harvesting AWS, GCP, and Azure credentials, SSH keys, and Kubernetes tokens from any process that initialized the package.³ The payload arrived inside signed, trusted code. What stopped it for Aviatrix customers was network-layer containment: a policy that said this workload cannot reach that destination, enforced before the credentials could leave.

Zero Trust architecture is not a single product. It is a layered system that enforces security across five pillars, as outlined in the CISA ZTMM 2.0 framework.² A properly implemented Zero Trust architecture governs identity, devices, networks, applications, and data as an integrated whole, not as separate checkpoints.

Identity: The Foundation of Zero Trust Security

Every access request starts with identity verification. In a Zero Trust approach, identity is the new perimeter. Before any user or workload gains access to a resource, the system requires strict identity verification: who you are, what you are running on, and what you are allowed to reach.

Identity and access management systems sit at the center of this pillar. Multi-factor authentication, single sign-on, and certificate-based workload identity are the primary controls. For cloud workloads, identity includes the service, the pod, the function, and the agent making the call, not just the human user.

Devices: Continuous Posture Assessment

Zero Trust security does not trust a device because it was trusted yesterday. Devices must continuously prove they meet security requirements: patch level, configuration compliance, endpoint detection status. If a device falls out of compliance, access is revoked dynamically. A Zero Trust model evaluates device health at the moment of each access request, not once at login.

Networks: Segmentation That Stops Lateral Movement

Network security in a Zero Trust environment means segmenting traffic so that a compromised workload cannot reach anything beyond what policy explicitly allows. microsegmentation divides the environment into isolated zones. East-west traffic, the workload-to-workload communication inside a cloud environment, is controlled by the same strict policies as traffic crossing the perimeter.

Traditional security often produces flat internal networks where a single compromised identity can pivot freely. Zero Trust network access (ZTNA) replaces that model with identity-based controls on every connection.

Applications and Workloads: Securing What Runs the Business

Zero Trust extends to every application and workload, including containers, serverless functions, Kubernetes pods, and AI agents. Access is granted on a per-session basis aligned with NIST SP 800-207 principles.¹ AI workloads and API-connected middleware components often operate with excessive privilege, reaching destinations no policy has explicitly permitted. Zero Trust for workloads enforces a default-deny posture at the workload layer.

Data: Protecting Sensitive Data at Rest and in Transit

Protecting sensitive data means encrypting it in transit, enforcing access controls based on data classification, and ensuring only authorized identities can read or exfiltrate it. In multicloud environments, this requires consistent encryption across VPCs, VNets, and regions, with FIPS-validated controls and telemetry proving compliance with HIPAA, PCI DSS 4.0, and DORA.

Least privilege access is the principle that connects every Zero Trust pillar. Every user, workload, and device gets access to exactly what it needs and nothing more. Access management is continuous.

• Users and workloads cannot access network resources they have no business reaching.

• Privilege is granted per session, not per user account.

• Privileged access to sensitive systems requires additional verification beyond a password.

• Unused permissions are removed as workloads change.

Zero Trust security implementations that consistently enforce least privilege reduce the cost of security breaches by approximately $1 million compared to organizations without it.⁴

Virtual private networks were built for a different era. A VPN grants broad network access once a user authenticates. That model works when the network is small and user populations are known. It breaks down at enterprise scale.

Zero Trust network access (ZTNA) replaces the VPN model with per-application, identity-based access control. Instead of connecting a remote user to the entire network, ZTNA connects them only to the specific resource they are authorized to reach. The rest of the network is invisible and inaccessible.

Research from 2025 found that 65% of organizations plan to replace VPN services within the year, and 81% plan to implement Zero Trust strategies within the next 12 months.⁵ VPN vulnerabilities now represent a primary entry point for ransomware, with 56% of organizations reporting VPN-exploited security breaches in the prior year.⁵

Zero Trust security requires continuous monitoring of every session, every connection, and every access request. Threat intelligence feeds into the policy engine in real time. If a device's posture degrades or an access pattern looks anomalous, the policy engine revokes access without waiting for a human to intervene.

Continuous verification is what separates Zero Trust from legacy access management. A perimeter firewall checks packets at the boundary and lets approved traffic flow freely inside. Zero Trust checks every hop, every workload-to-workload call, and every attempt to reach external destinations. The LiteLLM attack was designed to exfiltrate credentials silently over network paths that traditional monitoring tools were not watching. Workload-level egress visibility would have made that traffic visible immediately.

Supply chain attacks bypass identity controls entirely by compromising trusted software before it is installed. The attacker does not need to steal credentials. They embed malicious code into a package that security teams have already approved.

Zero Trust cannot prevent a poisoned package from being downloaded. What it can do is contain the blast radius when that package tries to reach an unauthorized destination. The containment logic is direct. If a workload is running in a production cloud environment, its permitted destinations are defined by policy. An AI middleware component should reach the LLM API it is configured for. It should not reach an unknown IP address in a foreign country. Enforcing that distinction at the network layer blocks the exfiltration even when malicious code executes.

This is the shift Doug Merritt, CEO of Aviatrix, described at RSAC 2026: "The most important element is how do you contain them? That clearly is a lot of what we're focused on here at Aviatrix and the world really needs, especially in the cloud right now."

To implement a Zero Trust framework in a multicloud environment requires a different approach than traditional security. There is no perimeter to enforce. Workloads are ephemeral. Static firewall rules break within hours.

Start with Workload Identity

Before you can enforce any policy, you need to know what is connecting to what. Tag workloads by identity, not IP address. Kubernetes pods, Lambda functions, and cloud VMs each get a stable identity that persists as the underlying infrastructure changes.

Define and Enforce Access Control Policies

With workload identity established, define what each identity is allowed to reach. Zero Trust access control operates on explicit permit rules. Everything not explicitly allowed is denied by default. That default-deny posture is what contains a supply chain payload when it tries to reach an unauthorized destination.

Segment East-West Traffic to Prevent Lateral Movement

Most cloud security tools focus on north-south traffic. Zero Trust also governs east-west traffic, the workload-to-workload communication attackers exploit for lateral movement. microsegmentation creates boundaries between workloads so a compromise in one zone cannot spread to another.

Enable Continuous Monitoring and Verification

Every access decision, every denied connection, and every policy change should be logged and visible. Security teams need this data to detect anomalies and continuously refine policies as the environment evolves.

Apply Security Controls Across All Cloud Environments

Multicloud environments create enforcement gaps when each cloud operates under separate policies. A unified control plane applies the same Zero Trust policy across AWS, Azure, GCP, and OCI simultaneously.

AI workloads have introduced a new class of Zero Trust security challenge. Every AI agent, LLM application, RAG pipeline, and MCP server is a new workload with network access, often running with credentials granting broad access to cloud resources.

The ratio of machine identities to human identities in modern cloud environments has reached approximately 144 to 1.⁶ Most of those machine identities have no Zero Trust controls governing what they can reach. That is the attack surface TeamPCP exploited in March 2026.

Applying Zero Trust to AI workloads means defining what is allowed and denying everything else, enforced at the network layer:

• Restrict LLM API calls to explicitly permitted providers.

• Govern egress from RAG pipelines to vector databases.

• Block connections from AI agents to unauthorized cloud services.

• Detect shadow AI workloads that have never been inventoried.

Aviatrix Zero Trust for AI Workloads enforces this through WebGroups (managed destination lists for every major LLM and MCP provider) and SmartGroups (identity-based workload targeting that follows pods and functions as they scale). No TLS decryption required. No code changes. Default-deny from day one.

The global Zero Trust security market stood at $42.28 billion in 2025 and is projected to reach $148.68 billion by 2034, at a CAGR of 14.76%.⁷ The Zero Trust architecture market was valued at $19.2 billion in 2024 with a projected CAGR of 17.4% through 2034.⁸

Zero Trust adoption is accelerating. Nearly half of IT and business leaders (46%) report their organization is actively moving to a Zero Trust model, and 43% have already adopted Zero Trust, leaving just 11% with no current implementation.⁴

Aviatrix built the Cloud Native Security Fabric (CNSF) to deliver Zero Trust architecture enforcement at the workload layer across multicloud environments. It operationalizes NIST SP 800-207 and CISA ZTMM 2.0 with distributed Policy Enforcement Points (PEPs) at every workload, not at a centralized chokepoint. This Zero Trust architecture is agentless, meaning enforcement happens inside the cloud fabric without software installed on individual workloads.

Zero Trust for Workloads extends this enforcement to containers, Kubernetes clusters, and serverless functions. Zero Trust for Networking adds FIPS-validated fabric-wide encryption across every VPC, VNet, and region.

The result shifts the question from "did we detect it?" to "could it go anywhere?" When the answer to the second question is no, the blast radius is zero.

Zero Trust network access also solves the remote access problem that VPNs created. Remote workers connecting through a VPN get broad network access. If their device is compromised, that access becomes the attacker's access. Zero Trust for remote access replaces that model with per-application identity verification, connecting remote employees securely without the lateral movement risk that VPNs create.

Zero Trust has become a regulatory requirement. Executive Order 14028 directed federal agencies to adopt Zero Trust security strategies, and the DoD Zero Trust Strategy targets full adoption by FY2027.² HIPAA 2025, PCI DSS 4.0, DORA, and NIS2 all include requirements aligned with Zero Trust architecture controls.

Zero Trust implementation reduces breach risk and generates the telemetry required to prove compliance to auditors. Proof of encryption, access control, and continuous monitoring is produced in real time by the same system enforcing the policy.

Zero Trust security is not a product you buy. It is a commitment to treating every connection as untrusted until proven otherwise, enforcing least privilege access on every workload, and containing security breaches before they spread.

The cloud has made this non-negotiable. Perimeter security does not work when there is no perimeter. Detection alone does not work when attackers arrive inside trusted code. What works is enforcement at the workload layer and a default-deny posture that limits blast radius to zero.

Contact us to see how Aviatrix CNSF enforces Zero Trust security across your multicloud environment.

Aviatrix is the Cloud Native Security Fabric company. Its platform embeds Zero Trust security enforcement directly into the cloud fabric, controlling workload-to-workload and workload-to-internet traffic across AWS, Azure, GCP, and OCI in real time. Aviatrix serves 500+ enterprise customers including roughly 10% of the Fortune 500, recognized in the Deloitte Technology Fast 500 (2025). The platform requires no agents and no application changes, delivering containment that stops lateral movement and data exfiltration at the moment of the access attempt.

• https://csrc.nist.gov/pubs/sp/800/207/final

• https://www.cisa.gov/sites/default/files/2023-04/CISA_Zero_Trust_Maturity_Model_Version_2_508c.pdf

• https://aviatrix.ai/resources/aviatrix-zero-trust-for-ai-workloads-default-deny-ai-governance-at-the-network-layer/

• https://electroiq.com/stats/zero-trust-security-statistics/

• https://www.cio.com/article/3962906/why-81-of-organizations-plan-to-adopt-zero-trust-by-2026.html

• https://aviatrix.ai/products/zero-trust-for-workloads/zero-trust-for-ai-workloads/

• https://www.fortunebusinessinsights.com/zero-trust-security-market-108832

• https://www.gminsights.com/industry-analysis/zero-trust-architecture-market