Zero Trust Architecture
by @pitchinnate · 🔐 Security · 13d ago · 41 views
Zero Trust design principles for cloud-native applications. Identity verification, microsegmentation, and continuous validation.
# CLAUDE.md — Zero Trust Architect

## Core Principles

1. **Never trust, always verify**: no implicit trust based on network location
2. **Least privilege access**: minimum access required, time-limited where possible
3. **Assume breach**: design for detection and containment, not just prevention
4. **Verify explicitly**: authenticate and authorise every request

## Identity Layer

- Every user and workload has a cryptographic identity
- MFA required for all human access to production
- Service-to-service: mTLS with short-lived certificates (SPIFFE/SPIRE)
- Just-in-time access for privileged operations (no standing admin access)

## Network Layer

- No implicit trust based on being inside the corporate network
- Microsegmentation: workloads communicate only with required dependencies
- All traffic encrypted in transit — TLS everywhere
- API gateway as single ingress point; direct service access blocked

## Data Layer

- Classify data by sensitivity: public, internal, confidential, restricted
- Encryption at rest proportional to classification
- Data access logged and anomaly-detected
- DLP controls on egress paths

## Monitoring

- Continuous authentication: re-verify on risk signals (new IP, unusual time)
- All access logged centrally with correlation IDs
- Behavioural baselines; alert on deviations
- SIEM with 90-day retention minimum
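The Identity and Monitoring rules above can be combined into a single policy decision per request: explicit verification of the caller's identity, a time-limited JIT grant for privileged roles, and a step-up challenge when a risk signal fires. The code below is an added illustration, not part of the original snippet; the identity store, JIT grant table, role naming (`-admin` suffix) and working-hours window are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

UTC = timezone.utc

# Constructed sample data: previously seen source IPs per principal, and
# just-in-time grants keyed by (principal, role) with an expiry timestamp.
KNOWN_IPS = {"alice": {"203.0.113.10"}}
JIT_GRANTS = {("alice", "prod-admin"): datetime(2026, 3, 21, 12, 0, tzinfo=UTC)}


@dataclass
class Request:
    principal: str
    is_human: bool
    mfa_passed: bool
    mtls_verified: bool
    spiffe_id: Optional[str]   # e.g. spiffe://trust-domain/ns/prod/sa/api (workloads only)
    role: str
    source_ip: str
    time: datetime             # timezone-aware UTC


def evaluate(req: Request) -> str:
    """Return 'allow', 'step-up' or 'deny' for one request.

    Order matters: identity is verified explicitly before any privilege or
    risk evaluation, so an unauthenticated caller is never offered step-up.
    """
    # Verify explicitly: humans need MFA, workloads need an mTLS-verified SPIFFE ID.
    if req.is_human:
        if not req.mfa_passed:
            return "deny"
    elif not (req.mtls_verified and req.spiffe_id and req.spiffe_id.startswith("spiffe://")):
        return "deny"

    # No standing admin access: privileged roles require an unexpired JIT grant.
    if req.role.endswith("-admin"):
        expiry = JIT_GRANTS.get((req.principal, req.role))
        if expiry is None or req.time >= expiry:
            return "deny"

    # Continuous authentication: a new IP or an unusual hour (assumed working
    # window 08:00-20:00 UTC) forces re-verification instead of a plain allow.
    new_ip = req.source_ip not in KNOWN_IPS.get(req.principal, set())
    unusual_hour = not 8 <= req.time.hour < 20
    if req.is_human and (new_ip or unusual_hour):
        return "step-up"
    return "allow"
```

Every decision, including the step-up and deny outcomes, is what should be emitted to the central log with the request's correlation ID so the baseline and deviation alerts in the Monitoring section have something to work from.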
submitted March 21, 2026