Придибайло, О.Б. and Придибайло, Р.В. and Яскевич, Владислав Олександрович and Яскевич, Юрій Владиславович (2024) Zero trust architecture logical components and implementation approaches. Зв’язок (3(169)). pp. 7-11. ISSN 2412-9070
Abstract
Zero Trust Architecture (ZTA) is a contemporary cybersecurity approach that challenges the traditional perimeter-based security model. In the zero-trust model, organizations do not automatically trust any user or device, regardless of whether they are inside or outside the corporate network. Instead, it assumes that threats can come from both internal and external sources, and it verifies every user and device attempting to access resources. Here are the key principles of this software development trend:

• Identity verification: individuals need to authenticate their identity before gaining access to resources. This often includes multi-factor authentication and reliable verification methods.
• Least privilege access: users are granted the minimum access required to perform their tasks. Access is limited only to essential elements, reducing the potential impact of a security breach.
• Micro-segmentation: involves segmenting the network at a granular level, allowing isolation and protection of individual resources.
• Data encryption: encryption is applied both during transmission and at rest to safeguard data from unauthorized access.
• No implicit trust: applying the principle of "never trust, always verify," meaning verification is necessary at every stage of access.

The article discusses modern challenges and approaches to cybersecurity amidst the rapid development of cloud technologies. Specifically, it analyzes the shift in container usage in software deployment and its impact on the cybersecurity model. Security approaches based on the concept of Zero Trust Architecture (ZTA) are highlighted in the context of new demands and opportunities. The article elaborates on key logical components of ZTA, such as policy mechanism and policy administrator, pointing out their interaction in creating a secure environment. It also provides an overview of data sources used for creating access policy rules and their consideration in ZTA mechanisms.
Additionally, approaches to implementing ZTA for operational workflows in corporate environments are proposed: enhanced identity management, logical micro-segmentation, and network-based segmentation. Each of these approaches has its advantages and is considered based on the needs of individual organizations.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | architecture; cybersecurity; enterprise; network security; zero trust; zero trust architecture; policy; policy mechanisms |
Subjects: | Articles in periodicals > Professional (included in the list of professional publications approved by the Ministry of Education and Science) |
Divisions: | Faculty of Information Technology and Mathematics > Department of Computer Science |
Depositing User: | Владислав Олександрович Яскевич |
Date Deposited: | 06 Nov 2024 14:07 |
Last Modified: | 06 Nov 2024 14:07 |
URI: | https://elibrary.kubg.edu.ua/id/eprint/50065 |