Verify and trust: A multidimensional survey of zero-trust security in the age of IoT

The zero-trust (ZT) model assumes that all users, devices, and network traffic should not considered as trusted until proven. The Zero-trust model emphasizes the importance of verifying and authenticating every user and device, and limiting access to resources based on the principle of least privilege. Under the principle of the zero-trust model, devices are granted access after they have been successfully presented with their authentication credentials and access rights based on different factors, such as user identity, device health, location, and behaviour. Access controls are then continuously evaluated and updated as user properties, locations and behaviour change. The zero-trust model can be applied in various domains (healthcare, manufacturing, financial services, government etc.) to provide a comprehensive approach to cybersecurity that helps organizations to reduce risk and protect critical assets. This paper aims to provide a comprehensive and in-depth analysis of the zero-trust model, its principles, and its applications, as well as to propose recommendations for organizations looking to adopt this approach. We explore the major components of the zero-trust framework and their integration across different practical domains. Finally, we provide insightful discussions on open research issues within the zero-trust model in terms of the security and privacy of users and devices. This paper should help researchers and practitioners understand the importance of a zero-trust framework and adopt the zero-trust model for effective security, privacy, and resilience of their networks.