Glossary
Zero Trust
A security architecture philosophy summarised as "never trust, always verify" — every access request is authenticated and authorised explicitly, regardless of network location.
Zero Trust is an architectural philosophy, not a product. It replaces the traditional perimeter model — where being inside the corporate network implied a degree of trust — with a posture that treats every access request as untrusted until proven otherwise, regardless of where it originates.
The shift matters because the perimeter dissolved years ago: staff work from home, applications live in SaaS, and the corporate firewall protects an increasingly empty office.
The three principles
- Verify explicitly — authenticate and authorise every request based on identity, device health, location, and behaviour. No implicit trust from network position.
- Least-privilege access — grant the minimum access needed, just-in-time, for just the duration required.
- Assume breach — design controls assuming an attacker is already inside. Segment networks, log everything, watch for anomalies.
What it looks like in practice for an Australian SMB
You can’t buy “a Zero Trust.” You build toward it incrementally. The realistic stepping-stones for an SMB:
- Phishing-resistant MFA on identity (Microsoft Entra ID).
- Conditional Access policies gating access by device compliance and risk.
- EDR on every endpoint with behavioural detection.
- DNS filtering to block known malicious destinations.
- Network segmentation between user, server, and guest traffic.
Symsafe sequences these as part of the cybersecurity uplift roadmap, prioritised against the client’s current Essential Eight maturity and risk profile.