evbta.blogg.se

Beyondcorp google paper

  • Infrastructure: including IAAs, PAAS, container, serverless, JIT (on-demand access) and git version control software.
  • Apps: adaptive access to corresponding SaaS applications and on premises applications.
  • Data: the strategy of classifying, labeling and encrypting data (emails and documents).

Policy examples include access to the following: data, apps, infrastructure, and network.

At the same time, the scope and preparation of SPE policy determination can be enhanced by combining it with threat intelligence.

Security policy enforcement (SPE): using the collected user identity and status, and the device information, status and identity, the SPE policy can be comprehensively determined.

In addition, the device also has a corresponding identity to prove the identity of the equipment. The equipment has a corresponding equipment status and equipment risk to determine. The information about these devices, including IP address, MAC address, installed software, operating system version, patch status, etc., is stored in the device inventory.

Device identity: the devices include the company's devices and devices without unified management.

Multi-factor authentication includes soft tokens, hard tokens, SMS, human characteristics, etc.

User identity: through authentication by the identity provider (the component that creates, maintains and manages user identities), the account password can be used in the process of re-authentication, and MFA (multi-factor authentication) can also be used.

From the perspective of the system, it covers applications such as end, cloud, on-premises, SaaS, etc.

Traditional concept of zero trust and its current implementation

Microsoft Azure

Azure's zero trust is relatively perfect.

This paper focuses on the technical analysis of the zero trust security architecture under Kubernetes. The cloud zero trust system is still a new technology trend, and the same zero trust model is also applicable to Kubernetes. Its essential demand is identity-centric access control.

At present, the implementations of the zero trust concept include Google BeyondCorp, Google ALTS, the Azure zero trust framework, etc.
Zero trust subverts the paradigm of access control, and guides the security architecture from “network centric” to “identity centric”. Such as IP address, host, geographic location, network, etc. The core idea is that no one/device/system inside or outside the network should be trusted by default, and the trust foundation of access control needs to be reconstructed based on authentication and authorization.


Zero trust security re-evaluates and re-examines the traditional border security architecture, and gives new suggestions for the security architecture. Zero trust security was first proposed in 2010 by John Kindervag, chief analyst of Forrester, a famous research institution.













