
Could someone explain what zero trust is in this context? In what way does using Slack differ from the zero trust approach? (Is this about being able to self-host?)



Zero trust means this solution does not depend on ('trust') hosts or networks (VPNs, firewalls, SD-WAN, etc.) to communicate between the Mattermost client and the Mattermost server.

This means:

1. You limit your attack surfaces. Threats on your LAN, WAN or Internet can't communicate with the user computer or the server, e.g. they can't be landing points (attack surfaces) for malware or ransomware.

2. You isolate any damage. In a full zero trust architecture, if one app is compromised, then there is no network for the virus to leverage to spread. For example, a ransomware loader can't call home to acquire more robust functionality, and can't find other data on your network to infiltrate and encrypt. This is because the loader is not on a 'trust' network in which it has access simply because it found its way into a network.

Other solutions are open to networks (large attack surfaces) and are susceptible to spreading attacks (as they spread through the 'trusted' network).



