In the early 2000s, there was a rise in documents being stolen and leaked by employees within organizations, as well as state-sponsored adversaries gaining deep access to networks (a.k.a. Advanced Persistent Threat). In Eoghan Casey's 2006 paper, “Investigating Sophisticated Security Breaches,” he described the difficulties of dealing with sophisticated adversaries.
Traditional perimeter-based security models are ineffective against insiders with legitimate access and APT adversaries that blend in with normal activities, making them harder to find and eject. In response to these evolving threats, a Zero Trust approach to security was introduced- one that did not trust everyone “inside” the network by default. The Zero Trust framework was developed to protect digital assets against malicious insiders and targeted attacks
These trends required a shift in security to embrace deperimeterization, assume compromise, and verify instead of trust.
“This is especially important as we move to a cloud-enabled technology environment where much of the data sits outside of our traditional data centers." - JOHN KINDERVAG “NO MORE CHEWY CENTERS” FORESTER REPORT
