This article explores the feasibility of applying the Zero Trust concept in the field of the Internet of Things (IoT), which, in the context of increasing cyber threats and data sensitivity, has become a key direction for enhancing information system security. Traditional perimeter-based security paradigms, which assume trust in internal network components, are no longer effective in countering modern threats—particularly within IoT environments where devices often have limited resources, lack continuous monitoring mechanisms, and involve complex interconnections. Zero Trust, as a security architecture concept, is based on the principle of "never trust, always verify" and requires mandatory verification of all users, devices, and services, regardless of their location within the network. The article provides a detailed analysis of the theoretical foundations of Zero Trust, including principles of identification, multi-factor authentication, microsegmentation, least privilege access, continuous monitoring, and dynamic access control. A comparative overview of traditional and Zero Trust approaches in the context of IoT security is presented, along with an outline of the technical challenges associated with their integration. Based on a review of current scientific literature and practical examples, it is established that implementing Zero Trust in IoT environments requires specialized solutions, particularly lightweight security protocols, trusted computing modules, dynamic key management, and centralized access control systems. The paper proposes a conceptual model of Zero Trust architecture for IoT infrastructures that accounts for device limitations and communication patterns, and defines an adaptive access control algorithm based on behavioral characteristics. The findings demonstrate that implementing Zero Trust in the IoT domain is not only feasible but also advisable from the standpoint of reducing unauthorized access risks, minimizing the attack surface, and enhancing the overall security posture of digital ecosystems. The results may serve as a foundation for developing IoT security policies, especially in critical infrastructure, industrial networks, and smart environments, where threats to confidentiality, integrity, and availability are particularly significant.
Mankovskyi et al. (Fri,) studied this question.