Why Implement Zero Trust?
The people and systems using and accessing the corporate network were generally known quantities. IT security teams could therefore reliably operate on a “trust but verify” model: any user or system that wanted to access system resources needed to authenticate only once to gain access and was then free to use resources as necessary. Network security, in other words, worked like a “castle and moat” system of defense: build a strong perimeter, generally a firewall, to keep the bad guys out, but once someone was inside the perimeter, that user was assumed trustworthy.
Over the years, networks and networking grew significantly and became more complicated. A “network” was not necessarily an on-site, hardware-based entity, and users were not necessarily sitting in a central office that could be defined by geography. Laptops, then smartphones and tablets, meant that employees could work from anywhere in the world. Companies began using cloud and virtual environments for the speed, efficiency, and cost savings they offered. The geographic location of the person or system became irrelevant.
Fast forward 20 or 30 years.