Free CSA CCZT Exam Actual Questions

The questions for CCZT were last updated on Nov 16, 2024

Question No. 1

Of the following options, which risk/threat does SDP mitigate by mandating micro-segmentation and implementing least privilege?

Correct Answer: D

SDP mitigates the risk of broken access control by mandating micro-segmentation and implementing least privilege. Micro-segmentation divides the network into smaller, isolated segments that can prevent unauthorized access and contain lateral movement. Least privilege grants the minimum necessary access to users and devices for specific resources, while hiding all other assets from their view. This reduces the attack surface and prevents attackers from exploiting weak or misconfigured access controls.


Question No. 2

Which activity of the ZT implementation preparation phase ensures the resiliency of the organization's operations in the event of disruption?

Correct Answer: B

Business continuity and disaster recovery are the activities of the ZT implementation preparation phase that ensure the resiliency of the organization's operations in the event of disruption. Business continuity refers to the process of maintaining or restoring the essential functions of the organization during and after a crisis, such as a natural disaster, a cyberattack, or a pandemic. Disaster recovery refers to the process of recovering the IT systems, data, and infrastructure that support business continuity. ZT implementation requires planning and testing the business continuity and disaster recovery strategies and procedures, as well as aligning them with the ZT policies and controls.

Reference:

Zero Trust Planning - Cloud Security Alliance, section "Monitor & Measure"

Zero Trust architecture: a paradigm shift in cybersecurity - PwC, section "Continuous monitoring and improvement"

Zero Trust Implementation, section "Outline Zero Trust Architecture (ZTA) implementation steps"


Question No. 3

Optimal compliance posture is mainly achieved through two key ZT features: _____ and _____

Correct Answer: D

Optimal compliance posture is mainly achieved through two key ZT features: never trusting and reducing the attack surface. Never trusting means that no entity or resource is assumed to be trustworthy or secure by default, and that every request for access or transaction is verified and validated before granting access or allowing the transaction. Reducing the attack surface means that the exposure and vulnerability of the assets and resources are minimized by implementing granular and dynamic policies, controls, and segmentation. These two features help to ensure that the organization complies with the security standards and regulations, and that the risks of breaches and incidents are reduced.

Reference: Certificate of Competence in Zero Trust (CCZT) - Cloud Security Alliance; Zero Trust Training (ZTT) - Module 1: Strategy and Governance


Question No. 4

To ensure an acceptable user experience when implementing SDP, a security architect should collaborate with IT to do what?

Correct Answer: B

To ensure an acceptable user experience when implementing SDP, a security architect should collaborate with IT to model and plan the user experience, client software distribution, and device onboarding processes. This is because SDP requires users to install and use client software to access the protected resources, and the user experience may vary depending on the device type, operating system, network conditions, and security policies. By modeling and planning the user experience, the security architect and IT can ensure that the SDP implementation is user-friendly, consistent, and secure.

Reference: Certificate of Competence in Zero Trust (CCZT) - Cloud Security Alliance; Zero Trust Training (ZTT) - Module 7: Network Infrastructure and SDP


Question No. 5

Which ZT tenet is based on the notion that malicious actors reside inside and outside the network?

Correct Answer: A

The ZT tenet of assume breach is based on the notion that malicious actors reside inside and outside the network, and that any user, device, or service can be compromised at any time. Therefore, ZT requires continuous verification and validation of all entities and transactions, and does not rely on implicit trust or perimeter-based defenses.