
Zero Trust

Build a dual system security framework of zero trust inference and trusted inference

Background

With the rise of cloud computing, big data, the mobile Internet, IoT, 5G networks, and other new technologies, the traditional cyber security architecture is falling behind. The network environment grows ever more complex and network boundaries ever more blurred, so the traditional architecture can no longer meet current needs, and the connections between users, devices, applications, and network resources are exposed to high-risk environments. The more tightly services and information systems are integrated, the greater that exposure. Relying solely on traditional security products to reach a back-end application system over the network cannot ensure that the identity of the access subject (users, devices, and applications) is trusted. As uncertainty and unpredictability in the network increase, a reliable anchor point must be found and a security system built on top of an untrusted network.

Relevant Policies
2010: Cloud Security Alliance (CSA) releases "Software Defined Boundaries and Zero Trust"
2013: SDP Standard Specification 1.0, issued by the CSA
2019: Guidelines on Promoting the Development of the Cyber Security Industry (Exposure Draft), drafted by the Ministry of Industry and Information Technology
2019: SDP Standard Specification 2.0, issued by the CSA
2019: SDP Architecture Guidelines, issued by the CSA
2019: White Paper on China's Cybersecurity Industry, issued by the China Academy of Information and Communication Technology
2020: Protection 2.0 with SDP, issued by the CSA
2020: The second edition of the white paper Draft Standard for a Zero Trust Architecture, issued by the National Institute of Standards and Technology (NIST)
Development Trend
The standard system has been gradually improved

In recent years, standards related to Zero Trust Security have developed rapidly. In 2013, the CSA issued SDP Standard Specification 1.0. In 2017, the CSA issued Enterprise Security Migration on the Cloud with the Help of SDP. In 2019, the Ministry of Industry and Information Technology drafted the Guidelines on Promoting the Development of the Cyber Security Industry (Exposure Draft), which listed "striving to break through cyber security technology" as one of its main tasks and explicitly mentioned "Zero Trust Security"; in the same year the China Academy of Information and Communication Technology issued a white paper on China's Cyber Security Industry, which pointed out that Zero Trust has moved from concept to implementation, and in May 2019 the CSA issued the SDP Architecture Guidelines. In February 2020, the National Institute of Standards and Technology (NIST) issued the second edition of the white paper Draft Standards for Zero Trust Architecture, which established standard definitions for the concepts and logical architecture of Zero Trust Security. In the future, industry, alliance, and national standards related to Zero Trust Security will be further improved, and the Zero Trust security industry will become more standardized.

An identity-based security architecture is built

Most enterprises still use the traditional, boundary-based cyber security architecture. Because a physical security boundary has inherent limits, an enterprise that wants to migrate its services to the cloud cannot put the public cloud behind its own firewall; one that wants to enable mobile work cannot extend the firewall to every external location; and one that wants to embrace big data must exchange data with its partners. Under these new technologies, the conventional security boundary model is rapidly dissolving and has become an obstacle to service growth, so enterprises need a new security architecture. The Zero Trust architecture does away with the traditional boundary: it no longer assumes that the intranet is secure and controllable, but continuously verifies the user's identity and the device's legitimacy and permissions before dynamically granting the minimum access rights.

Users' Pain Points
Resource access is difficult to control
Legitimate identities and privileges may be stolen or abused, and legitimately granted permissions may be misused inadvertently. Permission management is decentralized, leaving breakpoints and blind spots.
The implicit network trust zone is too large
Intranet personnel can reach a large number of non-service resources over the network. Many application systems, and many microservices, sit in the same isolated network zone, and all of them are reachable over the network.
Technical System
The Zero Trust architecture consists of one center, three support systems, and four execution points. The policy control center acts as the brain: it maintains and controls every policy. The four execution points (access inspection, application inspection, data inspection, and O&M inspection) translate the center's access policies into enforceable rules; together they can be treated as a single inspection layer whose job is to inspect and control, steering every data flow along its preset path. Only flows that pass through these enforcement rules are actually monitored and protected. The brain, the execution points, and the support systems together make the architecture effective. The design has two overall goals: to prevent unauthorized access, and to enforce access control at the finest granularity possible.
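The following toy model illustrates the "one center, four execution points" layout described above: a single policy center holds every rule, each inspection point only forwards requests to it, the device and identity are re-checked on every request, and the grant is the intersection of what was asked for and what is permitted. This is an added example written for this page, not Topsec code; the class names, rule set and resource names are constructed assumptions.

```python
"""Toy Zero Trust policy center with four execution (inspection) points.
Added illustration, not vendor code; all names are hypothetical."""
from dataclasses import dataclass

# The four execution points named on the page; O&M shortened to "om".
INSPECTION_POINTS = ("access", "application", "data", "om")

@dataclass(frozen=True)
class Subject:
    user: str
    device_compliant: bool   # device legitimacy check, re-evaluated per request
    roles: frozenset

@dataclass(frozen=True)
class Rule:
    point: str               # execution point that enforces this rule
    resource: str
    role: str
    actions: frozenset       # maximum actions this role may perform here

class PolicyCenter:
    """The 'brain': the only place policies live; execution points only ask."""
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, point, subject, resource, requested):
        # Default deny: a request arriving via an unknown point is never a bypass.
        if point not in INSPECTION_POINTS or not subject.device_compliant:
            return frozenset()
        permitted = frozenset().union(*(r.actions for r in self.rules
                                        if r.point == point and r.resource == resource
                                        and r.role in subject.roles))
        # Least privilege: grant only what was requested AND is permitted.
        return frozenset(requested) & permitted

class ExecutionPoint:
    """An inspection point. It enforces, but never decides on its own."""
    def __init__(self, name, center):
        self.name, self.center = name, center

    def inspect(self, subject, resource, requested):
        return self.center.decide(self.name, subject, resource, requested)

def build_demo_center():
    """Constructed sample rule set (hypothetical resources and roles)."""
    return PolicyCenter([
        Rule("application", "hr-portal", "hr", frozenset({"read", "write"})),
        Rule("data", "payroll-db", "hr", frozenset({"read"})),
        Rule("om", "jump-host", "ops", frozenset({"ssh"})),
    ])
```

Note that the same subject receives different minimum grants at the application and data points, and that a non-compliant device gets nothing regardless of role.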
Comprehensive Strength
Topsec always adheres to independent innovation in the field of zero-trust security. It strives to lead the zero-trust trend and application in technology exploration, product development, and solution implementation to improve the overall security.