What is the zero trust security model in a Cloud Native context?

Study for the Kubernetes Cloud Native Associate (KCNA) Certification. Prepare with flashcards and multiple choice questions. Ensure success with detailed explanations. Ready for your exam!

Multiple Choice

What is the zero trust security model in a Cloud Native context?

Explanation:
Zero Trust means never trusting by default; in a Cloud Native world, every request between services, every API call, and every workload must be authenticated, authorized, and its integrity verified, regardless of where it originates. Because workloads are ephemeral and dynamic, you rely on strong workload and service identities (for example, SPIFFE IDs) and mTLS to secure all service-to-service communications. Policies are enforced continuously at runtime—through a service mesh, API gateway, and dynamic authorization (often with tools like OPA/Gatekeeper)—and follow the principle of least privilege so that each request gets only what it needs. This approach contrasts with relying on a network perimeter or assuming trust after an initial authentication; zero trust requires ongoing verification for every interaction and does not allow implicit trust of components.

