Digital transformation is a double-edged sword, with both reward and risk. More and more organizations are adopting digital approaches to improve productivity and enjoy the huge dividends of digital transformation, but at the same time, the associated cybersecurity issues are gradually emerging.
On December 10th, the 2021 (11th) Telecom and Internet Industry Cyber Security Annual Conference sponsored by the Association of Communications Enterprises and the China Academy of Information and Communications Technology was successfully held in Wuhan, and Zhao Mayu, CTO of the Service Operators Division, was invited to attend the "Innovative Security Technology Forum" and expressed his views and insights related to zero trust in the operator industry.
Image source: Organizer of the 2021 (11th) Annual Conference on Cyber Security in the Telecommunications and Internet Industry
Borders are fading and security risks are proliferating
In the carrier industry, the process of digital transformation is also accelerating. Ubiquitous connectivity makes business systems need to be more open, and the cloudification of business systems makes the deployment of users' IT systems more decentralized, and the traditional security defense line based on perimeter protection gradually disintegrates. At the same time, with the advancement of the digitalization process, the office network environment of the operator industry has become more and more complex, and the diversification of access terminals, network environments, business systems, and service access roles have become typical characteristics, which have laid a time bomb for users' network security.
Zhao Mayu pointed out on the spot that the gradual disappearance of boundaries in recent years has led to a surge in internal and external risks. For example, an employee's mobile terminal can access both the Internet and the intranet, making it very easy to become a springboard for hacking attacks; A large number of applications/middleware are open to the Internet, which makes the network exposure area expand dramatically; In the process of mobile office and remote access, data is transmitted on the Internet, and there is a risk of illegal theft and leakage. In addition, the increasingly complex office network environment has also brought many problems such as management operation and maintenance difficulties, and the difficulty of ensuring the access experience of employees seems to have become a "hurdle" that cannot be bypassed.
In view of the above problems, Zero Trust has become a breakthrough in the construction of office network security in the operator industry.
The way to break the game: Protect business and data access with Zero Trust
Zhao Mayu pointed out: "Our protection of office network security is essentially the process of protecting business and data access." That is, through the Zero Trust business access model, ensure that the right people, use the right terminals, use the right permissions, access the right business, and get the right data anywhere. This model organically connects the scattered security units such as people (identity), terminals, network location, access rights, services, and data, breaking the original architecture, reconstructing the identity-centered security protection mechanism, and improving the security of the office network.
"The demands of operator industry users for zero trust are mainly divided into two categories, that is, trust needs and business needs." Zhao Mayu pointed out.
It is reported that in view of the problem of credibility, I believe that zero trust can be solved from the aspects of credible identity, credible access, and credible behavior. In traditional secure access and access control, it is often necessary to configure multiple sets of different permission rules for the same user in different business systems, which is a huge cost of management and operation under the dynamic and changeable digital office scenario. In Zero Trust Secure Access and Access Control, the legitimacy and security of the access identity can be continuously verified by using traffic identity. At the same time, various security components are linked to analyze the access behavior in real time, dynamically adjust the permissions, and realize the refined and intelligent control of the permissions, which greatly reduces the O&M workload while ensuring access security.
For the business level, Zero Trust can reduce the external exposure, converge the Internet entrances and exits, ensure that internal employees can also safely access the intranet for daily office operations when they go out, and control security risks without affecting the office experience. For scenarios where remote O&M, business hall access, and home agents require access to a large number of business systems, you can also reduce the exposure surface of intranet data by implementing standardized and minimized access permissions to further ensure service security.
Security capabilities are delivered in the cloud, and Zero Trust plays a greater role
At the meeting site, Zhao Mayu also looked forward to the development of Zero Trust. He mentioned that the current development strategy of operators has been upgraded from "IT to the cloud" to "cloud-network integration and cloud-network integration". Hybrid multi-cloud will be the future trend, and blurred boundaries and multi-access will become the norm. In this situation, cloud security access services that integrate the boundary access of the WAN with security protection will be accepted by more and more people. Cloud security access services will also change the previous mode of delivering security products to security, providing security modules in the cloud to ensure the security of users when accessing the Internet, cloud applications, branches, and mobile terminals in real time. As a core technical capability, Zero Trust will also play a greater role in the construction of user security through cloud delivery.
It is understood that Zero Trust has been successfully implemented in zhejiang telecom, guizhou mobile, guangdong unicom, guangxi telecom, guangxi mobile, Hainan telecom, yunnan telecom, Shaanxi province unicom, Jiangsu telecom, Shandong mobile, Sichuan province unicom, mobile (Shanghai) industry and research institute and other operator users, its lightweight, easy to land, sustainable growth advantages have been recognized by more and more users. (Promotion)
(Source: China Net)