Zero trust is a well-known term in cybersecurity. With its origins in information technology the primary focus and guidance was constructed on a set of principles that not long ago would have been difficult, if not impossible, to implement in an operational technology (OT) environment. But today cybersecurity leaders in the OT realm are adapting zero trust for the unique requirements for their environments, as well.
The history of zero trust goes back to the mid 1970s, to the principle of least privilege (POLP), which simply states that only the authority required to perform the specific function should be granted. In other words, every entity must be able to access only the information and resources that are necessary for its legitimate purpose. While this principle is implemented in the privilege rings of the application stack, the general principle of limiting access to authorized and validated resources directly applies to zero trust.
There are really only two primary goals of zero trust. First is to prevent unauthorized access to data, services and resources. Second is to make access as granular as possible by shrinking or eliminating explicit trust zones.
Read more here.
