When we talk about zero trust, what are we talking about?

It is a new way of thinking to deal with network security .

ZERO TRUST stay 2010 Year by year Forrester analysts John Kindervag Formally put forward .

Zero trust is its English literal translation .

Zero trust is not a product , It's the idea —— In the world of network security , Don't trust anyone 、 Any device 、 Any environment . Every step you take , Need to prove that you are you .

In network security , How different are the old and new ways of thinking ？

for instance ：《 Journey to the west 》 in , When Wukong left, he would draw a shiny circle for Tang Monk , Only our own people can go in and out , The bad guys （ Monster ） be unable to come in , Tang Monk can do anything in the circle , But we can't go out of the circle . This is the traditional network security mode . It has boundaries , Its advantage is that good people are absolutely safe , The disadvantage is that good people are easy to be eaten by monsters once they leave the circle . And zero trust , More like a belt , When Wukong left , Tie it to Monk Tang and younger martial brothers , They can run, jump and dance freely , Monsters can't touch .

2010 Zero year trust was formally proposed , Why hasn't it been noticed in the past few years ？

There are probably two reasons ：

1、 The cost is too high , Network security is the foundation of an enterprise , Change mode is the reconstruction from thinking to layout , Who will bear the costs and risks here ？

2、 The demand is not high , Everyone is an enterprise , Fixed office buildings, fixed employees , Isn't border network security fragrant ？ Why should I change it ？

So why is it so hot in recent years ？

Because of the epidemic .

Employees in the enterprise can't stay in the circle , They have to work on the move 、 Telecommuting to solve work problems , thus , It creates a more open 、 Complex and uncertain network environment , Security risks increase . According to the Zscaler data display ： Since the new epidemic , Attacks against remote office users have grown 85%. How to build a trusted network in such a network environment 、 Terminals and applications , For enterprise development , Is the top priority of the moment .

Zero trust has become the best option to solve the problem of enterprise remote office .

Zero trust is hot , The industry advertises itself as “ Zero trust ” Our products are mixed , Huge Numbers of , For a time, it is difficult for the customer to identify ： You said you had zero trust , Why is it so different from the zero trust of his family ？

The reason is , It is because the development is too fast and the growth is barbaric , The scheme design of zero trust for different subjects 、 Technical realization 、 Test evaluation 、 There is a great cognitive difference in the actual deployment and other stages , Lack of industry consensus 、 Standards and technical specifications , This requires from policy to industry , And finally to the enterprise , Carry out a series of scenes and links with operability and mutual recognition .

First, let's look at policy , 2019 year , Ministry of industry and information technology issued 《 Guidance on promoting the development of network security industry 》, Zero trust security is included in the key network security technology that needs to be broken through .2020 year , Issued by the ministry of industry and information technology “ On carrying out pilot demonstration work for the application of network security technology ” notice , Zero trust is also listed as cutting-edge 、 innovative 、 Leading major network security technology concept .

The support of the policy has achieved good response in the market , The product system with zero trust as the core is being enriched , Safety manufacturer 、 Cloud service provider 、 Solution providers, etc , All around their own technological advantages , There are different zero trust solutions with different focus , Meet the needs of enterprise customers in different scenarios .

in addition , In terms of standard system construction , The standard process of zero trust is also advancing rapidly ,2020 year 6 month 24 Japan , Tencent security joint zero trust field 16 A number of authoritative industry, University, research and application institutions jointly established the first in China “ Zero trust industry standards working group ”. A year later , The size of the working group was expanded to 42 home , And completed the interconnection and mutual recognition between multiple products . At the same time , Tencent security led the preparation of China's first 《 Zero trust system specification 》 Official release , It has been published as a group standard by China Electronics Industry Standardization Technology Association . The group logo was widely spread and recognized by the industry after its release . This year, 7 The first batch of zero trust special certification in China released by the trusted cloud conference in June , The evaluation standard also refers to the technical idea of the group logo . Let the domestic zero trust development start “ According to the can depend on ” A new chapter in .

Actually , Long before the outbreak , Many types of enterprises have begun to pay attention to zero trust .

According to this year 5 Released on 《 The blue report on zero trust security in the digital age shows 》 Zero trust can meet the security needs of some common scenarios of enterprises , Including telecommuting 、 A hybrid cloud 、 Enterprise remote branch access 、 Third party access, etc . Zero trust can also meet the special security needs of different industries , Such as the Internet industry 、 Communication industry 、 Logistics industry 、 The energy industry 、 Real estate industry, etc .

In the logistics industry , A large number of terminal equipment and personnel mobility , Tens of thousands of employees need more detailed authorization and behavior identification according to their duties and authorities , And dynamically detect and evaluate the compliance status of terminal equipment , For example, is there any security software installed on the terminal ？ Is there a high-risk vulnerability ？ Whether the equipment baseline configuration meets the safety requirements, etc . The same thing , It is also applicable to car enterprises .

In the Internet industry , Tencent is the first enterprise in China to practice zero trust , So that employees can work safely anytime, anywhere, no matter where they are . During the epidemic, it can make 7 Million employees work online at the same time , It ensures the orderly development of the company's business .

This year, 5 month , On the zero trust development trend held in Shanghai , Ding Ke, vice president of Tencent, said in combination with Tencent's own practice ：“ Zero trust and the operation of an enterprise 、 planning 、 Long term development is strongly correlated , And it is a process of continuous optimization . The core value of zero trust is that the tool deployment is light enough 、 The cost of operation and maintenance is low enough , Improve the efficiency of enterprise operation and development flexibly and adaptively .”

As a new safety thinking mode , Zero trust has more vitality in the development of the digital age , It can be customized for enterprises , It can also be integrated with the safety thinking of the past , Help enterprises find the optimal solution that is more suitable for their own safety development .

Reference reading ：

• Tencent DingKe ： With “ Zero trust ” Idea to reconstruct the security defense system in the digital era of industry
• coming ！ The first in the industry 《 Zero trust system specification 》 Official release
• “ Zero trust ” Is a neglected singularity event