Behind the buzzword: What is zero trust?
Want to know what zero trust is, but you're sick of wading through all the hype? Here's what you need to know about it with no fluff, only facts.
Oct 23, 2025 • 4 Minute Read

In this edition of Behind the Buzzword, we cover a hot topic in the tech industry right now: zero trust. Here's what you need to know about it, explained in a four-minute read.
Traditional security: The perimeter security model
Imagine you’re in charge of IT security at your organization. Naturally, you want to keep bad actors out of your IT systems: that’s the job. So you put up firewalls, intrusion detection and prevention systems, and other products that block external threats. You’ve put a moat around your castle to protect you from intruders.
But what about threats from the inside? What if this is less of a Lord of the Rings scenario, and more Game of Thrones, and the bad actors are already inside the moat, inside the castle?
You’ve put all this work into the moat, but once they’re in the castle grounds, they could go anywhere. They could go into the throne room and topple the king—those key systems that your organization needs to function. With IT systems spread out across the cloud and people working remotely or from their own devices, a single defensive perimeter doesn’t work.
How do you solve this? Enter zero trust.
What is zero trust?
Zero trust, also known as perimeterless security, is a security model where you focus less on building a moat around your IT systems and instead treat everyone, inside or outside of it, with zero trust by default. Just like Game of Thrones, anyone could be a bad actor in disguise, waiting to strike.
Paranoid? A little. Effective? Very.
The six main principles of zero trust
1. Continuous monitoring and validation
Users and machines must continuously verify they are who they say they are. This means checking both the user and the device’s identity and privileges, then having logins and connections time out after a while so they’ve got to re-verify themselves.
Think of this as having guards inside your castle stop and ask “Halt, who goes there?” And then instead of taking that person’s word for it, the guards ask for their credentials to make sure.
2. The Principle of Least Privilege
You only give users as much access as they need to do their job, no more. If you’ve got a soldier in the castle, and they don’t need access to the armory, don’t give them a key.
3. Device access control
You monitor how many devices are trying to connect to the network, whether they're authorized, and whether they have been compromised.
4. Microsegmentation
Rather than one big security perimeter, or moat, break them into small zones to maintain separate access for separate areas of the network. That way if someone gets access to one zone, they don’t have access to all the other zones. Think smaller moats and segmented keeps.
5. Preventing lateral movement
Lateral movement is when a bad actor moves around a network once they get inside. With zero trust, the network is segmented so that's hard to do, and once they're detected, you can quarantine the compromised device or account.
Think trapping your attacker in one of those segmented keeps mentioned earlier and dropping some boiling oil on them.
6. Multi-factor authentication (MFA)
MFA is a huge part of zero trust. All it means is needing more than one piece of evidence to authenticate a user, instead of just a password. Two-factor authentication (2FA) is a common way of doing this, like getting a code sent to your mobile phone as well as needing a password.
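The six principles above come together as one access decision made on every request. The following Python is an added example, not code from the original article; the roles, zones, device names and the 15-minute session timeout are constructed assumptions.

```python
from dataclasses import dataclass

SESSION_TTL = 900  # assumed: seconds before a user must re-verify

# Least privilege + microsegmentation: a role gets only the zones it needs.
# Constructed sample policy.
ROLE_ZONES = {
    "soldier": {"barracks"},
    "quartermaster": {"barracks", "armory"},
}

# Device access control: constructed inventory with posture status.
DEVICES = {
    "laptop-17": {"authorized": True, "compromised": False},
    "laptop-42": {"authorized": True, "compromised": True},
}

@dataclass
class Request:
    user: str
    role: str
    device_id: str
    zone: str
    mfa_passed: bool
    auth_time: float  # when the user last verified (epoch seconds)
    now: float        # time of this request (epoch seconds)

def decide(req: Request) -> tuple[str, str]:
    """Evaluate a single request on its own merits; return (decision, reason)."""
    device = DEVICES.get(req.device_id)
    if device is None or not device["authorized"]:
        return "deny", "unknown or unauthorized device"
    if device["compromised"]:
        # Preventing lateral movement: isolate instead of merely refusing.
        return "quarantine", "device failed posture check"
    if not req.mfa_passed:
        return "deny", "second factor missing"
    if req.now - req.auth_time > SESSION_TTL:
        # Continuous validation: old logins must prove themselves again.
        return "reauthenticate", "session timed out"
    if req.zone not in ROLE_ZONES.get(req.role, set()):
        return "deny", "role has no access to this zone"
    return "allow", "all checks passed"

if __name__ == "__main__":
    ok = Request("arya", "soldier", "laptop-17", "barracks", True, 1000.0, 1100.0)
    print(decide(ok))
```

Note that being "inside" the network never appears as an input: the decision depends only on identity, device state, freshness of authentication and the zone requested.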
Conclusion
And that’s zero trust in a nutshell! To quote Game of Thrones, chaos is a ladder. Make sure to build your IT security so bad actors don’t have a rung to stand on.
Further learning about zero trust
Pluralsight offers a range of beginner, intermediate, and expert cybersecurity courses, including a dedicated zero trust security learning path. Since you can sign up for a 10-day free trial with no commitments, it’s a great way to take some professionally authored courses with a set course structure. Why not check them out?