Zero Trust: Risks and Research Opportunities
• White Paper
Software Engineering Institute
This paper describes research opportunities in the field of zero trust (ZT), a cybersecurity paradigm that focuses on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.
To understand what areas of zero trust research could be beneficial for the Software Engineering Institute (SEI) to pursue, we developed a notional U.S. government agency. We used this agency to develop an operational vignette to help understand the nodes and actors that would interact with the agency in a hybrid cloud ZT environment.
We then developed three mission threads that highlight risks and research areas to consider for zero trust environments.
This paper describes the resulting mission threads, risks, and future research areas.