A security model that requires verification of every access request regardless of source, rather than trusting internal networks.