Strategy for Implementing of Zero Trust Architecture

Mengru Tsai, Shanhsin Lee, Shiuhpyng Winston Shieh

研究成果: Article同行評審

1 引文 斯高帕斯(Scopus)


In recent years, due to the impact of the COVID-19 pandemic, enterprises have been forced to adapt their operation patterns to ensure resilience, transitioning from traditional office-based work to remote work from home. However, this sudden and unforeseen change has made enterprises unprepared, resulting in a dramatic increase in cybersecurity threats. The most significant challenge arises from the adjustment from working in previously trusted areas to that beyond the boundaries of protection. While employees used to work within the company's defense perimeter, malicious attacks were blocked and detected by boundary security gateways. Shifting to remote work moves employees out of the protective environment, thereby their devices connecting to the internal resources of a company become exploitable targets for threat actors, and weaknesses in the internal authentication, authorization, and access control mechanisms become evident. The zero trust architecture (ZTA) approach is primarily focused on resource protection. When users or services attempt to access resources, ZTA requires precise authentication, minimal authorization, and continuous verification (trust inference) to ensure legitimacy and authorization of the resource usage, eliminating any space for assumed or inherited trust. In this article, we will address the challenges in handling the threats and propose the strategies, implementation, and limitation of ZTA, aiming to shed light on its effectiveness and applicability in mitigating cybersecurity risks.

頁(從 - 到)1-8
期刊IEEE Transactions on Reliability
出版狀態Accepted/In press - 2024


深入研究「Strategy for Implementing of Zero Trust Architecture」主題。共同形成了獨特的指紋。