
Keep Hackers Out for Good.
What is "Zero Trust" ?
The Traditional Approach: The Bank Pass Analogy
Traditional network security is like holding a single pass to enter a bank. Once you're through the front door, you can move freely between the vault, the counters, and the VIP rooms without further checks. This is "implicit trust", and it is exactly what an attacker who has stolen or forged one pass exploits.
The Zero Trust Architecture: A Better Way
Zero Trust starts from a different premise: any user or device may already be compromised. Think of it as a security guard at every vault door and a check on every single transaction. Beyond checking your ID, the system continuously evaluates your current credit status and transaction habits, and even confirms that the ATM itself hasn't been tampered with.
The Core Practices of Zero Trust
Continuous Verification
Regardless of whether the connection is internal or external, every access request undergoes a re-evaluation of identity, device health, and risk scores.
Adaptive Access Control
Authorizations are granted dynamically for every request. The system decides whether to allow access or require enhanced authentication based on real-time risk assessments.
Micro Segmentation
Much like a bank vault divided into many smaller compartments, micro-segmentation ensures that even if one area is breached, attackers cannot easily perform lateral movement to compromise other sections.
Government Zero Trust Architecture
In 2020, the National Institute of Standards and Technology (NIST) published SP 800-207, Zero Trust Architecture, which laid the foundation for Zero Trust adoption worldwide.
In 2024, the National Academy of Cyber Security (NACS), under Taiwan’s Ministry of Digital Affairs (moda), announced the “Government Zero Trust Architecture.” This set of specifications standardizes Zero Trust implementation for government agencies, providing a clear framework for both the public and private sectors to follow.
The TrustONE ZTA (Zero Trust Architecture) is fully compliant with the NACS standards. Built around a core Policy Engine, it utilizes the TrustGate Access Gateway to provide real-time, encrypted, and verified connection tunnels. TrustONE ZTA is designed for both internal and external online services, as well as core servers and Critical Information Infrastructure (CII)—achieving a perimeterless security model that does not rely on any single point of failure.
The Three Pillars of Zero Trust
Identity Authentication
Verify and govern user identities.
TrustONE ZTA supports Multi-Factor Authentication (MFA) via Email or OTP, as well as FIDO-compliant authentication (hardware tokens and biometrics), which is the strongest, phishing-resistant option.
Device Verification
Verify and govern the devices that connect.
TrustONE ZTA verifies each connecting device through a hardware-bound fingerprint rooted in its Trusted Platform Module (TPM), so that only authorized devices can reach protected services.
Trust Inference
Grant or deny access based on real-time risk scores.
Trust is inferred based on connection time, location, and device environment. TrustONE ZTA can also integrate risk assessments from EDR and XDR solutions to make informed, dynamic access decisions.
TrustONE ZTA Operational Architecture
FIDO Passwordless Authentication
The Flaws of Traditional Passwords
Password-based authentication forces users to memorize numerous complex strings, yet it remains fundamentally insecure. Attackers exploit passwords through brute force, phishing, and credentials leaked in earlier breaches and replayed against other services.
The TrustONE Solution: AAL3-Certified Security
TrustONE supports FIDO-standard passwordless authentication, which reaches AAL3 (Authenticator Assurance Level 3, the highest level defined in NIST SP 800-63B) when a hardware-backed authenticator is used. Users log in with a physical token, a PIN, or a pre-bound mobile device using fingerprint or facial recognition. Passwordless authentication eliminates "password fatigue" and removes the risk of guessed, reused or leaked passwords; because a FIDO credential is bound to the site's origin, it also resists phishing.
Token / Smart Card
Use a bound USB token, NFC card, or chip card as the cryptographic key. The private key is generated inside the token and never leaves it, so the credential cannot be copied or forged, and the token must be physically present for every session. TrustONE ZTA also supports tokens with a built-in fingerprint sensor.
Windows Hello
Leverage Windows Hello to authenticate users through facial recognition, fingerprint scanning, or local PIN codes as a secure basis for identity verification.
Mobile FIDO (App-less)
Bind an Android or iOS device (no App installation required) to your identity. For every verification, the user simply unlocks the bound device via biometrics (Face/Touch ID) to instantly complete TrustONE authentication.
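The three login methods above all end in the same server-side step: the relying party validates a FIDO/WebAuthn assertion. The following is an added example, not TrustONE's code, written with only the Python standard library. It shows where the phishing resistance claimed for FIDO comes from: the server's challenge, the page origin and the RP ID are bound into the data the authenticator signs, so an assertion produced on a look-alike site is rejected even if its signature is valid. The public-key signature check itself needs a crypto library or the platform API and is passed in as a callable; the RP ID, origin and assertion bytes are constructed.

```python
"""Added example (not TrustONE's code): the checks a FIDO/WebAuthn relying party
runs on a passwordless login assertion, written with the standard library only.

The server's challenge, the page origin and the RP ID are all bound into the
data the authenticator signs, so an assertion produced on a look-alike site is
rejected even if the signature is valid. The public-key signature check itself
needs a crypto library or the platform API and is passed in as a callable; the
RP ID, origin and assertion bytes below are constructed."""
import base64
import hashlib
import json
import struct
from typing import Callable, Optional

FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified (PIN or biometric); required for passwordless


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def verify_assertion(auth_data: bytes, client_data_json: bytes, signature: bytes,
                     expected_challenge: bytes, expected_origin: str, rp_id: str,
                     last_counter: int, verify_sig: Callable[[bytes, bytes], bool]) -> int:
    """Validate one assertion; return the new signature counter or raise ValueError."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        raise ValueError("wrong ceremony type")
    if client.get("challenge") != b64url(expected_challenge):
        raise ValueError("challenge mismatch (replay or stale session)")
    if client.get("origin") != expected_origin:
        raise ValueError(f"origin mismatch: {client.get('origin')!r}")

    if len(auth_data) < 37:
        raise ValueError("authenticatorData too short")
    rp_id_hash, flags = auth_data[:32], auth_data[32]
    counter = struct.unpack(">I", auth_data[33:37])[0]
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match our RP ID")
    if not flags & FLAG_UP:
        raise ValueError("user presence not asserted")
    if not flags & FLAG_UV:
        raise ValueError("user verification (PIN/biometric) not performed")
    # The counter must increase unless the authenticator never reports one (both zero);
    # a counter that fails to increase points at a cloned credential.
    if (counter or last_counter) and counter <= last_counter:
        raise ValueError("signature counter did not increase")

    signed = auth_data + hashlib.sha256(client_data_json).digest()
    if not verify_sig(signed, signature):
        raise ValueError("bad signature")
    return counter


def rejection_reason(*args) -> Optional[str]:
    """None if the assertion is accepted, otherwise the reason it was refused."""
    try:
        verify_assertion(*args)
        return None
    except ValueError as err:
        return str(err)


# Constructed assertion for an RP "zta.example.gov.tw" (assumed name).
RP_ID = "zta.example.gov.tw"
ORIGIN = "https://" + RP_ID
CHALLENGE = b"constructed-challenge-0123456789"
CLIENT_DATA = json.dumps({"type": "webauthn.get", "challenge": b64url(CHALLENGE),
                          "origin": ORIGIN, "crossOrigin": False}).encode()
PHISHED_CLIENT_DATA = json.dumps({"type": "webauthn.get", "challenge": b64url(CHALLENGE),
                                  "origin": "https://zta.example.gov.tw.evil.test",
                                  "crossOrigin": False}).encode()
AUTH_DATA = hashlib.sha256(RP_ID.encode()).digest() + bytes([FLAG_UP | FLAG_UV]) + struct.pack(">I", 42)
SIGNATURE = b"\x00" * 64  # placeholder; the stand-in verifier below ignores it


def trusted_verifier(signed: bytes, sig: bytes) -> bool:
    """Stand-in for ECDSA/RSA verification with the credential's registered public key."""
    return True


if __name__ == "__main__":
    print("accepted, counter:", verify_assertion(AUTH_DATA, CLIENT_DATA, SIGNATURE,
                                                 CHALLENGE, ORIGIN, RP_ID, 41, trusted_verifier))
    print("phished:", rejection_reason(AUTH_DATA, PHISHED_CLIENT_DATA, SIGNATURE,
                                       CHALLENGE, ORIGIN, RP_ID, 41, trusted_verifier))
    print("replayed:", rejection_reason(AUTH_DATA, CLIENT_DATA, SIGNATURE,
                                        CHALLENGE, ORIGIN, RP_ID, 42, trusted_verifier))
```

The order matters: the origin and challenge checks run before anything is trusted, and the stored counter is only advanced after the signature verifies, otherwise a rejected assertion could still poison the replay check.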
TPM-Based Device Authentication
The Challenge of Device Control
Enforcing "authorized devices only" has always been a significant challenge for IT administrators. Software-based restrictions are easily bypassed or spoofed.
The TrustONE Solution: Hardware Root of Trust
TrustONE ZTA verifies devices against the Trusted Platform Module (TPM). By extracting a unique, hardware-bound "fingerprint" from the connecting device, it confirms the source of each connection in a way that software alone cannot spoof or forge.
TrustONE ZTA: Trust Inference Engine
Dynamic Decision Making
TrustONE ZTA calculates a trust level from source IP, connection time, geographic location, and device health. That inference is the deciding factor for allowing or denying access, and high-risk connections are blocked immediately.
Intelligent Anomaly Detection
Administrators can define authorized access windows manually, or rely on TrustONE ZTA's behavioral learning. By analyzing each user's normal patterns, the system flags connection attempts that deviate from them.
Comprehensive Compliance & Risk Scoring
The engine continuously monitors endpoint integrity, including OS version, patch status, antivirus activity, and GCB (Government Configuration Baseline) compliance, to produce a dynamic trust score. Beyond real-time blocking, the score gives administrators risk-assessment data for long-term security governance.
Source IP & Geo-location
Operating System (OS) Patch Status
Connection Timeframe
GCB / GPO Compliance Status
Antivirus / Anti-Malware Status
EDR / XDR Telemetry Integration
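To make the "Core Practices" (continuous verification, adaptive access control) and the trust-inference signals listed above concrete, here is an added example of a toy policy engine. It is not TrustONE's code and does not describe its internal scoring; every weight, threshold, network range and user baseline is constructed for illustration. Each request is scored on the page's signals, and the score maps to allow, step-up authentication, or deny.

```python
"""Added example (not TrustONE's code): a toy trust-inference engine.

It scores one connection request on the signals the page lists (source IP and
country, connection timeframe, OS patch status, GCB/GPO compliance, antivirus
state, EDR/XDR verdict) and maps the score to ALLOW, STEP_UP (demand stronger
authentication) or DENY. Every weight, threshold, network range and baseline
below is constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

ALLOW, STEP_UP, DENY = "ALLOW", "STEP_UP", "DENY"

CORPORATE_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]  # assumed
MIN_OS_BUILD = 22631            # assumed minimum acceptable OS build
MAX_AV_SIGNATURE_AGE_DAYS = 7   # assumed


@dataclass
class Request:
    user: str
    src_ip: str
    country: str
    when: datetime
    os_build: int
    gcb_compliant: bool
    av_enabled: bool
    av_signature_age_days: int
    edr_verdict: str  # assumed EDR/XDR feed values: "clean", "suspicious", "compromised"


@dataclass
class Baseline:
    """Per-user norms: admin-defined access window plus learned behaviour."""
    usual_countries: frozenset
    window_start_hour: int
    window_end_hour: int
    last_seen: Optional[datetime] = None
    last_country: Optional[str] = None


def score(req: Request, base: Baseline):
    """Return (risk_points, reasons); higher means riskier."""
    risk, reasons = 0, []

    def flag(points: int, why: str) -> None:
        nonlocal risk
        risk += points
        reasons.append(why)

    if not any(ip_address(req.src_ip) in net for net in CORPORATE_NETS):
        flag(10, "external source IP")
    if req.country not in base.usual_countries:
        flag(20, f"unusual country {req.country}")
    # Impossible travel: a different country than the previous login, under two hours later.
    if (base.last_seen and base.last_country and base.last_country != req.country
            and req.when - base.last_seen < timedelta(hours=2)):
        flag(40, "impossible travel")
    if not base.window_start_hour <= req.when.hour < base.window_end_hour:
        flag(15, "outside authorized access window")
    if req.os_build < MIN_OS_BUILD:
        flag(20, "OS below minimum patch level")
    if not req.gcb_compliant:
        flag(15, "GCB/GPO non-compliant")
    if not req.av_enabled or req.av_signature_age_days > MAX_AV_SIGNATURE_AGE_DAYS:
        flag(15, "antivirus disabled or signatures stale")
    if req.edr_verdict == "suspicious":
        flag(30, "EDR/XDR flagged suspicious")
    elif req.edr_verdict == "compromised":
        flag(100, "EDR/XDR verdict: compromised")
    return risk, reasons


def decide(req: Request, base: Baseline, step_up_at: int = 20, deny_at: int = 50):
    """Map the score to a decision; DENY is what the gateway blocks immediately."""
    risk, reasons = score(req, base)
    if risk >= deny_at:
        return DENY, risk, reasons
    if risk >= step_up_at:
        return STEP_UP, risk, reasons
    return ALLOW, risk, reasons


# Constructed baseline and requests for user "alice" (last seen from Taiwan at 09:00).
ALICE = Baseline(frozenset({"TW"}), 8, 19, datetime(2024, 5, 6, 9, 0), "TW")
NORMAL = Request("alice", "10.1.2.3", "TW", datetime(2024, 5, 6, 10, 0), 22631, True, True, 1, "clean")
UNPATCHED_REMOTE = Request("alice", "203.0.113.5", "TW", datetime(2024, 5, 6, 10, 30), 19045, True, True, 2, "clean")
IMPOSSIBLE_TRAVEL = Request("alice", "198.51.100.7", "US", datetime(2024, 5, 6, 10, 15), 22631, True, True, 1, "clean")
COMPROMISED = Request("alice", "10.1.2.3", "TW", datetime(2024, 5, 6, 10, 0), 22631, True, True, 1, "compromised")

if __name__ == "__main__":
    for r in (NORMAL, UNPATCHED_REMOTE, IMPOSSIBLE_TRAVEL, COMPROMISED):
        print(r.src_ip, r.country, *decide(r, ALICE))
```

Two design points carry over to a real engine: an EDR "compromised" verdict should override every other signal rather than merely add to the score, and the reasons list should be logged with the decision so that a step-up or deny is explainable to the administrator afterwards.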
Comprehensive Support for SAML 2.0 and OIDC
TrustONE ZTA fully supports SAML 2.0 and OIDC protocols, offering maximum flexibility for your identity infrastructure. It can function as an Identity Provider (IdP) to provide external authentication for your existing services, or act as a Service Provider (SP) to retrieve identity information from your current authentication systems.
By implementing TrustONE ZTA you gain more than hardened connection protection: you can also roll out Single Sign-On (SSO) across multiple applications quickly. If your organization already runs an SSO service, TrustONE integrates with it, so users keep their existing login habits and the migration avoids the friction that usually comes with upgrading a security architecture.
AD/ADFS Sync
Sync organizational roles and permissions automatically.
SSO Integration
Effortlessly link with your current SSO environment.
Native SSO Provider
Deploy Single Sign-On for all your enterprise apps.