Which statement best captures the Zero Trust principle in Cloud Native security?

• A. Relying on blanket trust within the internal network after initial authentication.
• B. Perimeter security alone is sufficient to protect resources.
• C. Access controls allow broad internal access.
• D. Never trust any component by default and always verify identities and integrity.

Answer: (D)

Zero Trust is about not granting implicit trust to anyone or anything, even inside the network. In Cloud Native security, every request—whether it comes from a user, a pod, or a service—should be authenticated, authorized, and its integrity verified before it’s allowed to proceed. The statement captures this best by saying never trust by default and always verify identities and integrity. In practice this means using strong, verifiable identities for humans and services (like OIDC for users and SPIFFE IDs for workloads), employing short-lived credentials, and securing service-to-service communications with mutual TLS. Access decisions are made per request and continuously enforced with least-privilege policies, often backed by dynamic policy engines and observability to detect anomalies. In Kubernetes and other cloud-native patterns, this translates to not trusting internal traffic by default, enforcing strict admission and network policies, and validating every interaction rather than assuming the internal network is safe.