TY - JOUR
T1 - Strategy for Implementing of Zero Trust Architecture
AU - Tsai, Mengru
AU - Lee, Shanhsin
AU - Shieh, Shiuhpyng Winston
N1 - Publisher Copyright: IEEE
PY - 2024
Y1 - 2024
AB - In recent years, due to the impact of the COVID-19 pandemic, enterprises have been forced to adapt their operation patterns to ensure resilience, transitioning from traditional office-based work to remote work from home. However, this sudden and unforeseen change has made enterprises unprepared, resulting in a dramatic increase in cybersecurity threats. The most significant challenge arises from the adjustment from working in previously trusted areas to that beyond the boundaries of protection. While employees used to work within the company's defense perimeter, malicious attacks were blocked and detected by boundary security gateways. Shifting to remote work moves employees out of the protective environment, thereby their devices connecting to the internal resources of a company become exploitable targets for threat actors, and weaknesses in the internal authentication, authorization, and access control mechanisms become evident. The zero trust architecture (ZTA) approach is primarily focused on resource protection. When users or services attempt to access resources, ZTA requires precise authentication, minimal authorization, and continuous verification (trust inference) to ensure legitimacy and authorization of the resource usage, eliminating any space for assumed or inherited trust. In this article, we will address the challenges in handling the threats and propose the strategies, implementation, and limitation of ZTA, aiming to shed light on its effectiveness and applicability in mitigating cybersecurity risks.
KW - Attribute-based access control (ABAC)
KW - Authentication
KW - Authorization
KW - Computer security
KW - function-based access control (FBAC)
KW - MITRE ATT&CK matrix
KW - Monitoring
KW - Organizations
KW - policy decision point (PDP)
KW - policy enforcement point (PEP)
KW - role-based access control (RBAC)
KW - Security
KW - Software
KW - zero trust architecture
UR - http://www.scopus.com/inward/record.url?scp=85182370721&partnerID=8YFLogxK
U2 - 10.1109/TR.2023.3345665
DO - 10.1109/TR.2023.3345665
M3 - Article
AN - SCOPUS:85182370721
SN - 0018-9529
SP - 1
EP - 8
JO - IEEE Transactions on Reliability
JF - IEEE Transactions on Reliability
ER -