Imagine a campus where every classroom door remained locked until students presented their IDs and confirmed their schedules. That’s the essence of zero trust architecture, an approach to cybersecurity that verifies every request for access to digital resources.

Unlike its physical campus, a university’s online environment is subject to constant threats by intruders looking to slip in and steal identities, data, or dollars. Zero trust architecture anticipates cyberattacks and aims to prevent unauthorized entry into university systems.

This level of security is essential given that people access systems with a variety of devices (including personal devices they manage), on networks with different levels of security, and from on- and off-campus locations. It recognizes that a single breached email account, for example, can trigger a widespread cyberattack.

Key principles of zero trust architecture include:

Limiting access: Administrators of university systems let individuals access the tools they need to study or work—no less, no more. This is consistent with the university’s defense-in-depth strategy, which spells out enterprise, service provider, and end user responsibilities for security.

Verifying users: Multifactor authentication is central to zero trust architecture. Requiring Two-Step Login/Duo for most university systems helps prevent logins with stolen credentials.

Monitoring networks and devices: Security is a shared responsibility. Anyone who accesses university systems and data should understand cyber- and data-security fundamentals and work with local IT support and the ITS or UI Health Care help desks on device management.

While security measures sometimes may seem inefficient or inconvenient, they’re necessary in a networked world. Zero trust architecture takes nothing for granted and helps keep all of us safer online.