
    Zero Trust: The New "Boundary" Of Network Security

    2021/1/1 9:48:00


    In the recently released "Ten Trends of Industrial Internet Security (2021)", "zero trust architecture enters the application promotion period" is listed as one of the ten future trends. The report points out that as network protection evolves from the traditional border security concept to the zero trust concept, zero trust will become the mainstream architecture of the digital security era.

    The so-called "zero trust" is actually a security concept put forward by Forrester analysts in 2010. Its core idea is that, by default, no person, device or system inside or outside the network should be trusted, and that the trust foundation of access control needs to be rebuilt on authentication and authorization.

    In short, the zero trust strategy is to trust no one. The existing traditional access authentication model only needs to know the IP address or host information, but the "zero trust" model needs more explicit information. Requests whose user identity or authorization path is unknown are rejected.

    Although zero trust security was proposed long ago, it has only risen in the field of domestic network security in the past two years. In 2019, in the "Guidance on Promoting the Development of the Network Security Industry (Draft)" issued by the Ministry of Industry and Information Technology, zero trust security was listed as a key technology of network security for the first time; the White Paper on China's Network Security Industry (2019) released by the China Institute of Information and Communications also listed zero trust security technology, 5G, cloud security, etc. as technologies in the key subdivision fields of China's network security for the first time.

    Focusing on the topic of "zero trust security", 21st century economic report interviewed a number of industry experts. They all said that zero trust security emphasizes never trust and always verify, which is a subversive security concept. It has become a very definite trend in the field of network security. In the future, more and more enterprises will gradually adopt a zero trust security architecture.

    Security architecture in the cloud era

    In June 2020, under the guidance of the Standards Committee of the China Industrial Internet Development Alliance, Tencent, together with 16 institutions and enterprises, including the National Internet Emergency Center, China Mobile Communications Group Design Institute and the Third Research Institute of the Ministry of Public Security, jointly established the first "zero trust industry standards working group" in China to promote demand mining, technology research and development, technical standard development, and promotion and application.

    Cheng Wenjie, general manager of Tencent security, told the 21st century economic report that Tencent introduced zero trust security into Tencent's intranet as early as 2016. Tencent's self-developed zero trust security management system IOA has been verified by Tencent's more than 60000 employees and 100000 service desktop terminals.

    In Cheng Wenjie's opinion, zero trust security has been popular in the past two years because the traditional network boundary is gradually disappearing as enterprises move to the cloud. In particular, the sudden epidemic has forced almost all enterprises to work remotely. In the past, many enterprises may have had concerns about zero trust security, but as the risk gradually expanded, they too chose to accept the zero trust security architecture.

    A research report released by Guoxin Securities in 2020 also pointed out that the rise of cloud and mobile Internet has gradually disintegrated the traditional border defense. This is because the traditional security philosophy takes boundary isolation as its core concept. Firewalls, IPS and other devices are used to build a "wall" that protects the intranet, and everything inside is treated as safe and trustworthy by default.

    With the rise of cloud applications, some applications of the original enterprise "within the wall" have been moved to the cloud. At the same time, with the popularity of mobile office, the employees who originally worked in the enterprise also gradually went to "outside the wall". After the border security is broken, hackers can infiltrate the internal equipment of the enterprise by various means. Therefore, it is more and more powerless to "build a wall" at the boundary, and new protection methods are urgently needed in the "borderless" era.

    In an interview with the 21st century economic report, Wei Xiaoqiang, vice president of 360 Cloud Security Research Institute, explained the difference between zero trust security and traditional security with a vivid metaphor. He said that the previous security defense system had boundaries, and the firewall was like the moat of a castle. Anyone outside who wanted to enter the castle had to pass inspection at the gate, but once inside, he was trusted by default and could walk around the castle at will.

    "This system was feasible in the past, but now, the office space of enterprise employees may be the airport, Internet cafes and other places, so the situation becomes very complicated." Wei Xiaoqiang said that under the zero trust security framework, people outside the castle or those in the castle are not trusted, and their access requirements need to be verified.

    According to the 2019 zero trust security market popularization industry report released by Cybersecurity Insiders and Zscaler, 62% of the respondents said that the biggest application security challenge at present was to ensure the access security of private applications distributed in the data center and cloud environment.

    This is also the key problem of zero trust. The report also shows that 78% of IT security teams hope to achieve zero trust network access in the future, and 15% of enterprises have implemented zero trust.

    Based on identity

    In fact, the concept of zero trust security has evolved over the past decade. Lu Shibiao, vice president of nethouse technology, told the 21st century economic report that at the beginning, the concept mainly focused on fine-grained access control of the network through micro isolation, so as to limit the lateral movement of attackers. Later, it gradually formed an identity-centered architecture.

    According to Lu Shibiao, zero trust security has three main security features. The first is "network stealth, default rejection". Enterprise business application systems close all ports by default, refuse all internal and external access, and only dynamically open ports to the IP addresses of legitimate clients, which can directly avoid any illegal scanning and attacks.

    The second is "continuous verification, authorization on demand". Zero trust security will continuously verify the access behavior of legitimate access users, and dynamically adjust the access rights of users on demand.

    Finally, "micro isolation, minimum access authorization". Zero trust security follows the principle of minimum authorization and application micro isolation, effectively reduces the attack surface of horizontal attack and avoids attack infection to the greatest extent.
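
The three features described above, sketched as a small access gateway. This is an added example, not code from the article or from any vendor named in it; the users, applications, ports, client addresses, the `device_ok` flag and the 300-second TTL are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy: each identity is granted only the (app, port) pairs it needs.
GRANTS = {
    "alice": {("payroll", 8443)},
    "bob": {("wiki", 443)},
}
SESSION_TTL = 300  # seconds a verification stays valid (assumed value)

@dataclass
class Gateway:
    # (client_ip, app, port) -> (user, expiry). Empty table = every port closed.
    open_rules: dict = field(default_factory=dict)

    def verify(self, user, device_ok, client_ip, app, port, now):
        """Authenticate and authorize, then open one port to one client IP."""
        if not device_ok or (app, port) not in GRANTS.get(user, set()):
            return False  # minimum authorization: nothing outside the grant
        self.open_rules[(client_ip, app, port)] = (user, now + SESSION_TTL)
        return True

    def allow(self, client_ip, app, port, now):
        """Checked on every connection attempt."""
        key = (client_ip, app, port)
        rule = self.open_rules.get(key)
        if rule is None:
            return False  # default rejection: unverified clients see no open port
        if now >= rule[1]:
            del self.open_rules[key]
            return False  # continuous verification: stale grants are closed
        return True

    def revoke(self, user):
        """Close every port opened for a user, e.g. after a risk signal."""
        self.open_rules = {k: v for k, v in self.open_rules.items() if v[0] != user}

def demo():
    gw, ip = Gateway(), "203.0.113.7"  # constructed client address
    results = [gw.allow(ip, "payroll", 8443, now=0)]                   # not verified yet
    results.append(gw.verify("alice", True, ip, "payroll", 8443, now=0))
    results.append(gw.allow(ip, "payroll", 8443, now=10))              # opened for this IP
    results.append(gw.allow("198.51.100.9", "payroll", 8443, now=10))  # different IP
    results.append(gw.verify("alice", True, ip, "wiki", 443, now=10))  # not in grant
    results.append(gw.allow(ip, "payroll", 8443, now=400))             # TTL expired
    return results

if __name__ == "__main__":
    print(demo())
```

The access decision keys on a verified identity and its grant; the client IP only scopes the temporary rule, so an address alone never opens a port.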

    In this regard, Wei Xiaoqiang also said that zero trust security actually removes security from the network: it no longer relies on the network, but is based on identity. He further pointed out that "any security is not perfect, and loopholes will never be completely eliminated. However, zero trust follows the principle of minimum authorization, which limits the minimum access rights. Therefore, even if the zero trust security defense system is broken, the loss caused by it will be minimized. It is not like the traditional security network, where once it is broken, everything may be wiped out at once."

    Of course, as Wei Xiaoqiang said, zero trust security is not perfect, it also has some disadvantages. "For example, zero trust security authentication and authorization are separate, and authentication is a decision-making process. If the decision-making process is attacked, the whole system will collapse." Wei Xiaoqiang said.

    In Cheng Wenjie's view, the disadvantages of zero trust security include the rising cost and the impact of the reconstruction of security architecture on users' usage habits. "For example, some financial apps need to verify fingerprints every time they open them, which is quite common to us. However, if all apps are strictly verified, it will certainly greatly affect the user's acceptance. Therefore, it is also suggested that enterprises should follow the best practice when introducing zero trust security, comprehensively evaluate users' every visit and behavior and make more intelligent judgment, so as to reduce security risks and avoid affecting users' access experience as much as possible."

    But on the whole, zero trust security brings more advantages than disadvantages. Cheng Wenjie said that from Tencent's current security practice and customer feedback, zero trust security can greatly improve the enterprise's ability to resist security risks in the process of digital transformation, and the number of security incidents has also declined exponentially.

    Lu Shibiao told reporters that the enterprise IT architecture is changing from "borderline" to "borderless". The zero trust security network based on wide coverage can better meet the security access requirements anytime and anywhere, replace the traditional VPN as a networking mode, simplify the enterprise IT deployment, and better adapt to the enterprise security access requirements brought by the diversification of office modes in the future.

    From a global perspective, Internet companies are currently the most active adopters of zero trust security. In addition to the Tencent case mentioned above, Google has also implemented the BeyondCorp architecture for internal application security access, which enables employees to access the company's applications anytime and anywhere without requiring a VPN.

    However, it should be pointed out that although zero trust security is the future development trend of network security, it is more like an ultimate goal. "It is unrealistic for all enterprises to abandon the traditional security architecture and replace it with a zero trust security system. In the same enterprise, different businesses will adapt to zero trust security differently. Therefore, zero trust security and traditional security will coexist for a long time in the future." Wei Xiaoqiang said.
