A "Zero Trust Network" is a cybersecurity strategy that assumes all users, devices and transactions are already compromised and will remain untrusted until a user has proven trustworthy by authenticating in a predictable and acceptable method. The zero trust model requires strict identity and device verification, regardless of the user's location in relation to the network. The traditional approach to network security is known as the castle and moat model.
A network that uses a Castle and Moat model focuses on making network access difficult from those physically outside of the trusted network (the castle), but once inside the firewall (moat), users are automatically trusted and may move around the network freely. This means that if a cyber-criminal does penetrate the moat (firewall) they have free run of the castle (data). Whereas in a Zero Trust model, all users are treated equally (or more specifically are equally distrusted) regardless of whether they are physically inside or outside of the network. Which means users must prove themselves trustworthy at every access point. This helps secure our data because even if a cyber-criminal does gain access to a single resource (a room inside the castle) they must reauthenticate again when they attempt to move about the castle (network) to gain access to other resources (data).
In an effort to further secure our data, Connecting Care has begun moving from the Castle and Moat model to the Zero Trust model. Users can expect to be asked to prove authentication by supplying usernames, passwords and access tokens (multi-factor authentication items such as answering a phone call or entering a code from a text message) nearly much more frequently than they have had to in the past and eventually, nearly every time they attempt to move about the "castle".