In a zero trust model, what is a primary concern regarding network security?

In a zero trust model, a primary concern regarding network security is the requirement for authentication for all network communications. This model operates on the principle of "never trust, always verify," meaning that no user or device, regardless of its location on the network, is inherently trusted. Each request for access to network resources must be authenticated and authorized before any interaction occurs.

This approach addresses the growing recognition that traditional perimeter-based security measures are inadequate against modern threats, as attackers can bypass these defenses and gain access to internal networks. By mandating authentication for all communications, the zero trust model helps ensure that only legitimate users and devices can interact with the network, mitigating risks associated with unauthorized access, insider threats, and lateral movement by potential intruders within the network.

The other options reflect misconceptions about the zero trust model. Relying on trust for users on the internal network undermines the core principle of zero trust. Securing only the perimeter fails to account for threats that originate from within, and suggesting that only critical data needs encryption overlooks the importance of protecting all data to maintain confidentiality and integrity throughout the network.