摘要
开放是互联网的宗旨,封闭是网络安全的需要,基于场景去权衡封闭与开放的关系是应用和安全要考虑的首要问题之一。零信任网络将封闭区间延伸至用户侧和数据侧,从紧靠用户的统一入口,到贴近应用的访问网关,加上控制中心,零信任网络打造了一个全封闭的应用访问系统,最大化封闭区间,最小化数据暴露面,充分保障应用访问安全。所有的实名访问场景,或者说所有对应用访问安全有要求的场景,都将逐步升级到零信任网络的安全框架下,但是零信任之路刚刚开始,在很长的时期内传统安全加零信任的混合状态会一直存在,零信任的落地需要权衡封闭与开放,安全与便利的关系,需要在保障应用访问安全的同时,给予用户最便利的访问方式。
Opening is the tenet of the Internet,and closing is the need of network security.Balancing the relationship between closing and opening based on scenarios is one of the most important issues for application and security.The zero trust network extends the closed domain to user side and data side,from the unified entrance for users to the access gateway which is an agent for applications,zero trust network creates a fully closed application access system,maximizes the closed area and minimizes the data exposure,guarantees the application access security.All scenarios with identity authentication need a zero trust transformation,however,the road of zero trust is just beginning.In a long period,traditional security and zero trust will exist together.The landing of zero trust needs a balance between closing and opening,when ensuring the access security for application,it also needs a most convenient access mode for our users.
作者
王刚
张英涛
杨正权
WANG Gang;ZHANG Ying-tao;YANG Zheng-quan(Jiangsu Enlink Network Technology Co.,Ltd.,Nanjing Jiangsu 210012,China)
出处
《信息安全与通信保密》
2020年第8期78-86,共9页
Information Security and Communications Privacy
