Research on Zero Trust Security System

Abstract: As the industry's understanding of the zero-trust security concept continues to be refined, its theoretical foundation and core technologies have matured, and it has gradually evolved into a new generation of security architecture covering cloud environments, big data centers, microservices and similar scenarios. Based on the concept of "taking password as the cornerstone, identity as the center, authority as the boundary, continuous trust assessment, and dynamic access control", identity management is applied to every subject accessing a business platform, and unified authorization management and audit services are linked together to govern network access. The architecture provides identity authentication and permission control, behavior analysis and responsibility attribution for scenarios such as network entry control, application access control and data acquisition services, and delivers closed-loop security management and control that protects the full life cycle of terminal security, transmission security and data security.

Content directory:

1 Research background

2 Development status

3 Zero Trust Concept

3.1 Using password as the cornerstone

3.2 Identity-centered

3.3 Use permissions as boundaries

3.4 Continuous Trust Assessment

3.5 Dynamic access control

4 Zero Trust Application Solutions

4.1 Cryptocurrency service infrastructure

4.2 Electronic certification infrastructure

4.3 Trusted identity management and control platform

4.4 Zero Trust Gateway Management Platform

4.5 Environment Perception Center

4.6 Policy Control Center

5 Conclusion

With the continuous expansion of application scenarios for emerging technologies such as cloud computing, big data and the Internet of Things, enterprise network architecture is transforming from "bordered" to "borderless", and traditional security boundaries are gradually dissolving. The continued rollout of new infrastructure, represented by 5G and the industrial Internet, will further accelerate the evolution toward "dynamic boundaries". The traditional perimeter-based network security architecture assumes, or to a certain extent defaults to the assumption, that the corporate intranet is safe: it uses security products such as firewalls, web application firewalls and intrusion prevention systems to heavily fortify the network egress points while neglecting the security of the intranet itself.

To address the outdated assumptions of traditional perimeter security and the security challenges brought by new technologies, a new network security architecture, "zero trust", has gradually come into public view. Zero trust architecture is an end-to-end network security system.
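The abstract's five principles (identity as the center, permissions as the boundary, continuous trust assessment, dynamic access control) are easiest to see in a policy decision function. The following is an added example, not code from the article or any product it describes; the score weights, decay rate, resource thresholds and field names are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # require re-verification (e.g. certificate/MFA) before granting
    DENY = "deny"


@dataclass
class Subject:
    identity: str
    auth_strength: int        # 0 = unauthenticated, 1 = password only, 2 = certificate/MFA
    seconds_since_verify: int  # time since the identity was last (re)verified
    device_compliant: bool    # posture signal, as reported by an environment perception center
    env_risk: float           # 0.0 normal .. 1.0 highly anomalous location/time/behaviour


# Permissions as boundary: each resource declares the minimum trust it accepts (constructed values).
RESOURCE_MIN_TRUST = {"public-portal": 20, "hr-records": 60, "prod-database": 80}


def trust_score(s: Subject) -> int:
    """Continuous assessment: the score is recomputed for every request, not fixed at login."""
    score = {0: 0, 1: 40, 2: 70}[s.auth_strength]
    if s.device_compliant:
        score += 20
    score -= int(40 * s.env_risk)
    # Trust decays the longer the identity goes without re-verification (assumed rate: 5 points
    # per 5 minutes, capped at 30), so a long-lived session cannot coast on its initial login.
    score -= min(30, (s.seconds_since_verify // 300) * 5)
    return max(0, min(100, score))


def decide(s: Subject, resource: str) -> Decision:
    """Dynamic access control: compare the current trust score against the resource boundary."""
    if resource not in RESOURCE_MIN_TRUST or s.auth_strength == 0:
        return Decision.DENY  # unknown resource or no verified identity: default deny
    needed = RESOURCE_MIN_TRUST[resource]
    score = trust_score(s)
    if score >= needed:
        return Decision.ALLOW
    # Within a margin and on a compliant device, let the subject raise trust by re-verifying
    # instead of being denied outright; a non-compliant device gets no such path.
    if score >= needed - 25 and s.device_compliant:
        return Decision.STEP_UP
    return Decision.DENY
```

The same subject can be allowed into one resource and pushed to step-up for another, and a stale session drops from ALLOW to STEP_UP without any change in credentials.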


Source: blog.csdn.net/weixin_70923796/article/details/132438616