Buck, C.C.BuckOlenberger, C.C.OlenbergerSchweizer, A.A.SchweizerVölter, F.F.VölterEymann, T.T.Eymann2022-03-062022-03-062021https://publica.fraunhofer.de/handle/publica/27032610.1016/j.cose.2021.102436In response to weaknesses of current network security solutions, the zero-trust model follows the idea that no network â whether internal or external â is trustworthy. The concept of zero-trust is enjoying increasing attention in both research and practice due to its promise to fulfil complex new network security requirements. Despite zero-trust's advantages over traditional solutions, it has not yet succeeded in replacing existing approaches. Uncertainty remains regarding the concept's distinct benefits and drawbacks for organisations and individuals, which hinders a holistic understanding of zero-trust and wide-spread adoption. Research can make valuable contributions to the field by systematically providing new insights into zero-trust. To support researchers in this endeavour, we aim to consolidate the current state of the knowledge about zero-trust and to identify gaps in the literature. Thus, we conduct a multivocal literature review, analysing both academic and practice-oriented publications. We develop a research framework for zero-trust to structure the identified literature and to highlight future research avenues. Our results show that the academic literature has focused mainly on the architecture and performance improvements of zero-trust. In contrast, the practice-oriented literature has focused on organisational advantages of zero-trust and on potential migration strategies. However, economic analyses and user-related studies have been neglected by both academia and practice. Future research may rely on our findings to advance the field in meaningful ways.en004005006journal article