The core component of zero trust

Bamboocloud Zero Trust 

helps your enterprise cope with the following challenges

  • Obscure boundary

    Traditional perimeters are dissolving, and perimeter-based security systems are losing their efficacy.
  • Traditional security defense systems gradually lose efficacy

    Traditional security architecture is built on "defense in depth + perimeter defense", which struggles to keep up with rapid organizational growth and fast-changing business.
  • Each security product is independent of the others

    Traditional security products are siloed and independent of each other, so they cannot deliver a coordinated, interconnected overall security solution.
  • Lack of identity

    Network access traffic lacks effective identity-based control, monitoring and auditing.
  • The infrastructure is difficult to change

    How can the level of security protection be raised without changing the existing architecture?
  • Permission abuse

    Authorization is mostly static and cannot be adjusted dynamically according to real-time risk.
What is Zero Trust

Rebuilding trust in an untrusted network environment. Assume that threats always exist both outside and inside the network, and that network location alone is not sufficient to establish trust. By default, no user, device or system inside or outside the network is trusted; instead, the trust basis for business access control is rebuilt on authentication and authorization. Every business access by a device or user is authenticated, authorized and encrypted. Access control policies and trust levels are dynamic, computed from multi-source data about the device, the user and the environment.

Core idea: no user, device or system inside or outside the network is trusted by default, and the trust foundation of access control is rebuilt on authentication and authorization.

Underlying requirement: identity-centric access control, moving the security architecture from network-centric to identity-centric.


Solution Overview

The core of zero trust is a security architecture built on dynamic IAM and centered on digital identity. At the same time, based on access environment information and risk assessment indicators, a dynamic access control mechanism is used to prevent unauthorized access.

(Figure: Zero Trust solution overview)

Solution Architecture

On the basis of identity, authentication and authorization, we integrate existing security products, provide environment awareness, trusted agent and control services, control access on the principle of least privilege, and move the security architecture from network-centric to identity-centric. Instead of relying on network location to decide whether access is allowed, we continuously evaluate the security and risk status of devices, systems, users, environment, behavior and access flows, achieving fine-grained, dynamic access control.

(Figure: Zero Trust solution architecture)

Trust Chain

(Figure: Zero Trust trust chain)

Core components

  • Intelligent Identity Management Platform

    Builds a unified identity source, giving users, devices, applications and API interfaces a single identity across the network, and provides unified permission governance.
  • Authentication Services

    Provides dynamic access control based on risk measurement and trust evaluation.
  • Trusted Access Gateway

    Acts as the security policy enforcement point: every service sits behind the trusted access gateway and becomes visible only to legitimate users and devices.

  • All-round security based on identity

    Centralized control of identity security, terminal security and link security

  • Real-time security data collection and analysis

    Petabyte-scale data with retrieval and provenance tracing in seconds

    Real-time awareness of the security situation across the whole network

  • Multi-dimensional authorization mechanism; automatic granting and revocation of permissions as user attributes change; users can apply for permissions themselves, which are opened automatically on approval

  • Multi-platform linkage and collaboration with closed-loop threat handling; the security engine and policy engine work together to issue control policies, blocking threat sources within minutes

  • Access control from static to dynamic

    Real-time perception of changes in the security environment during user access, with security control policies adjusted dynamically

    Continuous assessment of the security and risk status of devices, systems, users and data flows

  • A variety of authentication methods to identify trusted users: QR code scanning, OTP, UKey, face, voiceprint, fingerprint and other methods support continuous authentication; critical applications and anomalous access compel secondary authentication

  • Big data is used for risk modeling, measuring potential security risk from environment data and the access behavior of people and devices

  • Machine learning algorithms, advanced identity analytics and a workflow engine automate identity and access management
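The following is an added example, written by the editor and not Bamboocloud code, that shows in working form how the pieces described above fit together: a policy decision point that computes a risk score from multi-source signals (Authentication Services), a trusted access gateway that acts as the policy enforcement point and tears down a session whenever a decision is not "allow", step-up (secondary) authentication compelled for critical applications and for anomalous access, and continuous re-evaluation of an already-open session when device posture or environment changes. Role checks come before any risk calculation so that least privilege holds regardless of how low the risk is, and there is deliberately no "on the corporate network" signal. The signal names, weights, thresholds, resources and users are assumptions chosen for illustration.

```python
"""Toy zero-trust policy decision point (PDP) and trusted access gateway (PEP).

Added example, not Bamboocloud code. Signal names, weights, thresholds and the
sample users/resources are assumptions chosen for illustration only.
"""
from dataclasses import dataclass, replace
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # compel secondary authentication
    DENY = "deny"


@dataclass(frozen=True)
class AccessContext:
    user: str
    roles: frozenset
    device_managed: bool          # enrolled in endpoint management
    device_compliant: bool        # patched, encrypted, agent reporting
    mfa_satisfied: bool           # strong factor already presented this session
    geo_country: str
    usual_countries: frozenset
    hour_local: int               # 0-23
    failed_logins_last_hour: int
    # No "on corporate LAN" field on purpose: network location is not a trust signal.


@dataclass(frozen=True)
class Resource:
    name: str
    required_role: str
    critical: bool                # critical apps always compel step-up


STEP_UP_THRESHOLD = 25   # assumed value
DENY_THRESHOLD = 60      # assumed value


def risk_score(ctx: AccessContext) -> int:
    """Additive risk from multi-source signals (weights are assumptions)."""
    score = 0
    score += 40 if not ctx.device_managed else 0
    score += 30 if not ctx.device_compliant else 0
    score += 25 if ctx.geo_country not in ctx.usual_countries else 0
    score += 10 if ctx.hour_local < 6 or ctx.hour_local > 22 else 0
    score += 5 * min(ctx.failed_logins_last_hour, 5)
    return score


def decide(ctx: AccessContext, res: Resource) -> Decision:
    """Identity and least privilege first, then posture/risk; never location."""
    if res.required_role not in ctx.roles:
        return Decision.DENY              # no entitlement, whatever the risk
    score = risk_score(ctx)
    if score >= DENY_THRESHOLD:
        return Decision.DENY
    if res.critical or score >= STEP_UP_THRESHOLD:
        return Decision.ALLOW if ctx.mfa_satisfied else Decision.STEP_UP
    return Decision.ALLOW


class TrustedAccessGateway:
    """Policy enforcement point: a service is reachable only via an allowed session."""

    def __init__(self) -> None:
        self.sessions: dict = {}      # session_id -> Resource

    def request(self, session_id: str, ctx: AccessContext, res: Resource) -> Decision:
        d = decide(ctx, res)
        if d is Decision.ALLOW:
            self.sessions[session_id] = res
        else:
            self.sessions.pop(session_id, None)   # anything but ALLOW closes the session
        return d

    def reevaluate(self, session_id: str, new_ctx: AccessContext) -> Decision:
        """Continuous evaluation: re-run policy when posture or environment changes."""
        res = self.sessions.get(session_id)
        if res is None:
            return Decision.DENY
        return self.request(session_id, new_ctx, res)

    def is_open(self, session_id: str) -> bool:
        return session_id in self.sessions


def demo() -> dict:
    """Constructed scenario (sample data, not real users); returns every decision."""
    hr = Resource("hr-payroll", required_role="hr", critical=True)
    wiki = Resource("wiki", required_role="staff", critical=False)
    alice = AccessContext("alice", frozenset({"staff", "hr"}), True, True, False,
                          "CN", frozenset({"CN"}), 10, 0)
    bob = replace(alice, user="bob", roles=frozenset({"staff"}))
    gw = TrustedAccessGateway()
    out = {}
    out["wiki_low_risk"] = gw.request("a1", alice, wiki)                         # ALLOW
    out["wiki_new_country"] = gw.request("a2", replace(alice, geo_country="US"), wiki)  # STEP_UP
    out["hr_first"] = gw.request("a3", alice, hr)                                # STEP_UP
    alice_mfa = replace(alice, mfa_satisfied=True)
    out["hr_after_mfa"] = gw.request("a3", alice_mfa, hr)                        # ALLOW
    # Mid-session: device falls out of compliance, traffic geolocates abroad and
    # one failed login is seen: 30 + 25 + 5 = 60, so the open session is torn down.
    out["hr_reeval"] = gw.reevaluate("a3", replace(alice_mfa, device_compliant=False,
                                                   geo_country="US",
                                                   failed_logins_last_hour=1))    # DENY
    out["hr_session_open"] = gw.is_open("a3")                                    # False
    out["bob_hr"] = gw.request("b1", bob, hr)                                    # DENY
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two design points worth noting: a session is stored only on ALLOW and removed on any other outcome, so a step-up challenge or a denial during re-evaluation closes access rather than leaving a stale session behind; and the entitlement check runs before the risk score, so a low-risk request from a user without the required role is still refused.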