What is one of the key principles of Zero Trust security?

One of the key principles of Zero Trust security is to verify every request as though it originates from an open network. This approach stems from the understanding that threats can come from both outside and inside an organization. Zero Trust operates on the premise that no user or device should be trusted by default, regardless of whether they are located within or outside the organization's network perimeter.

By treating every access request as if it’s coming from an unsecured network, organizations can better defend themselves against potential threats, including those posed by compromised internal accounts. This includes rigorous authentication checks, continuous monitoring, and strict access controls to ensure that only legitimate users can access sensitive data or systems.

The other options suggest approaches that do not align with the zero trust principle. Always trusting users inside the network undermines the core tenet of zero trust by assuming internal users are safe, which can create vulnerabilities. Using static credentials for all users poses a risk, as static passwords can be stolen or compromised, while limiting access based on job role only may not account for the need for dynamic access based on the user's context and behavior.