“零信任”在云化业务中的安全技术研究

信息安全包含了网络安全、数据安全、应用安全、行为安全等,未来还有更多安全形式出现。过去我们在规避信息安全的风险问题上更多是从网络安全这个层面来考虑的,基本上保护的都是网络和网络设备本身。在业务系统迁移到云上的趋势下,用户更加关注的是云化应用自身的安全和应用产生的数据的安全。基于传统网络安全模型或者网络攻防的安全策略属于被动的防御,是一种被动的安全,组织往往要提前识别可能遭受到的网络攻击风险,然后考虑应对策略。现在和未来,需要一系列的主动安全,比如零信任的安全方案,对于应用安全来说,就是主动安全,通过账号安全将安全边界前移用户侧,可视化技术实现从用户访问上下文行为分析,从而实现零信任的控制接入,控制访问细颗粒度的权限来实现对应用系统的主动防御。

Research on Security Technology of"Zero Trust"in Cloud Business

Information security includes network security,data security,application security,behavioral security,etc.There are more security forms in the future.In the past,in order to avoid the risk of information security,we considered more from the aspect of network security,basically protecting the network and network equipment itself.In the trend of application system migration to the cloud,users pay more attention to the security of cloud application itself and the security of data generated by application.The security strategy based on traditional network security model or network attack and defense belongs to passive defense and is a passive security.Organizations often need to identify potential cyber attacks in advance and then consider corresponding protection strategies.Now and in the future,we need a series of active security.For example,zero trust security solution is active security for application security.Zero trust control access and fine-grained access privileges are used to achieve active defense against application systems.