The Moat That Promised Safety
The old kingdom had one great moat around its outer wall. Whoever crossed the moat was trusted everywhere inside. The assumption was: to cross the moat, you must be one of us. Inside the wall, doors were left open. Servants moved freely between the stables, the kitchen, the treasury, and the throne room. Then Antarvedhi arrived. She had not breached the outer wall — she had convinced a legitimate guard to bring her across. She now moved inside the trusted zone freely. By evening, she had walked into the treasury with a servant's robe and an open door. The moat had been perfect. The interior was undefended. The assumption that inner meant trusted had been the failure.
“The castle-and-moat model fails the moment a single perimeter breach gives access to everything inside.”
The New Philosophy: Assume Breach
The king summoned Pariksha the questioning gate and Khandita the divider. Together they redesigned the kingdom around one assumption: Antarvedhi is already inside. Every zone was treated as if it could be accessed by someone who had no right to be there. Every door asked: "Who are you? What device are you using? Are you authorised for this room specifically?" Not "Did you cross the moat?" The moat still existed, but it was no longer the only question asked. Pariksha was placed at every internal door, not just the outer gate. The kingdom stopped trusting network location and started trusting verified identity.
“Zero Trust assumes breach. Verify every request — identity, device, context — regardless of where it originates.”
The Map of Small Zones
Khandita divided the kingdom into zones so small that access to one zone granted access to nothing else. The kitchen was its own zone. The stables were their own zone. The treasury was its own zone. Moving from kitchen to treasury required a new authorisation at Pariksha's gate — the same gate a stranger would face. A servant who legitimately worked in the kitchen would face identical scrutiny when approaching the treasury, because the kitchen servant had no business in the treasury. This was microsegmentation. Even if Antarvedhi compromised the kitchen, she would find a locked door to the treasury behind it, not an open corridor. Lateral movement — an attacker moving from one compromised zone to adjacent zones — became dramatically harder.
“Microsegmentation limits blast radius. Compromise of one zone must not imply access to any other.”
The Inspector Who Checked the Device, Not Just the Face
Pratyek the inspector noticed that the original gate had checked identity but not the health of the visitor's tools. A guard with a valid face but a sick horse — a device known to be compromised — was still admitted. Pratyek added device posture checks: each visitor's horse was inspected for signs of illness before every entry. A legitimate servant entering with a device that had not applied security patches, or that was missing required configurations, was held at the door until the device was repaired. Identity without device health was half a check. An attacker who stole a servant's identity but entered from an unmanaged device would fail the posture check.
“Zero Trust checks both identity and device health. A trusted identity on an untrusted device is not a trusted session.”
The Log That Remembered Everything
After the new system was installed, the kingdom kept a complete log of every entry, every denial, every identity check, and every device inspection. Antarvedhi tried again. She obtained a valid identity and a healthy device. She crossed the outer wall. She reached the treasury door. Pariksha asked her to justify why a kitchen servant needed treasury access. She had no justification. The access was denied. The denial was logged. The investigation that followed — tracing her path from the outer wall to the treasury door — was read entirely from the log. Zero Trust policies work because of visibility. Every request is a data point. Anomalies are detectable. Attackers have nowhere to move invisibly.
“Zero Trust is also an observability model. Every access decision is logged, and anomalous patterns are detectable.”
🪔 Deepak — the lamp of meaning · what this fable means in code
Zero Trust Architecture rests on three principles: verify explicitly (always authenticate and authorise using all available data points — identity, location, device health, service/workload, data classification, anomalies); use least privilege access (limit user access with just-in-time, just-enough-access, risk-based adaptive policies); assume breach (minimise blast radius with microsegmentation, encrypt end-to-end, use analytics to get visibility and drive threat detection). Key components: identity as the control plane (Entra ID / IAM), device compliance checks (Intune/MDM), microsegmentation (NSGs, private endpoints, service mesh policies), continuous session validation (CAE, adaptive policies), and comprehensive audit logging. BeyondCorp model: the network is untrusted; access is granted based on the identity of the user and the device, not its network position.

