Zero-Trust Security — Part 2: Getting Started with Zero-Trust Security

Technology Usage With Zero-Trust Security Architecture

Implementing Zero-Trust Security

Implementing a Zero-Trust Security Practice Step-by-Step

  • Assess your system to identify which areas need the most security measures. This should include the types of applications, the access zones, and the cross-communication between cloud resources.
  • Use analytics to filter out breach ratios and segment the zones
  • Separate and define more prominent access roles based on the minimum required access policy
  • Train security professionals for O&M
  • Strategize a zero-trust network policy based on data and transaction flow
  • Mapping your application information flow will help you enable a more-refined approach for implementing security
  • Build a zero-trust practice by design
  • Create rules and policies for granting access to users, devices, and applications
  • Closely monitor the network and setup observability

What to Expect

A Pinch of Familiarity

  • The zero-trust security model does not allow the assignment of multiple roles and permissions for a single subject (user, device, or application.)
  • The zero-trust model applies the basic principles of role-based access control and a single source of authentication or authorization for all.
  • The inclusion of user and entity behavior analytics enables the zero-trust security model to implement a certain control structure by analyzing the behavior of a user, system, or device to understand and differentiate between normal and abnormal patterns.
  • It separates sensitive data (or systems) and enables special access protocols by implementing solutions, such as Alibaba Cloud Sensitive Data Discovery and Protection (SDDP).
  • The zero-trust security model also implements an attribute-based authentication mechanism that includes multi-factor authentication, biometric access, application-based access, and certificates.

In the End — What Matters?

Upcoming Articles

  1. Zero-Trust Security — Part 3: Zero-Trust Security With Cloud-Native Microservices and Containers

Original Source:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com