网络安全评估和零信任模型

在过去的几年里，“零信任”体系结构的概念经历了许多演进阶段。它已经从一个炙手可热的新时尚，变成了陈腐的东西（很大程度上是由于那些想在这个趋势上赚钱的人的大量营销活动），现在它最终已经进入了一个可能一直以来都应该有的东西：一个坚实的，熟练的安全选项，带离散的，可见的优点和缺点可以合并到我们组织的安全方法中。 顾名思义，零信任是一种安全模型，其中所有资产-甚至是您配置的托管端点和由您配置的本地网络-被认为是敌对的，不可信任的，并且可能已被攻击者破坏。零信任代替了将“受信任”内部与不受信任外部内部区分开的传统安全模型，而是假定所有网络和主机同样不可信。 一旦对假设进行了根本性的改变，就可以开始对信任的内容，对象和时间做出不同的决定，并允许采用可接受的验证方法来确认请求或交易。 作为安全思想，这具有优点和缺点。 优点之一是，您可以从战略上将安全资源应用到最需要的地方。并增加了对攻击者横向移动的抵抗力（因为每种资源在建立滩头堡后都需要重新破碎）。 也有缺点。例如，在每个系统和应用程序上都需要执行策略，并且使用不同安全性假设构建的较旧的旧组件可能不太适合，例如内部网络值得信赖。 最潜在的问题缺点之一是与安全状况的验证有关，即在安全模型需要由较旧且更注重遗留性的组织进行审查的情况下。动态是不幸的：那些可能会发现最引人注目的模型的组织就是那些采用该模型的组织，他们很可能为应对挑战做好了准备。

原文：Over the past few years, the concept of "zero trust" architecture has gone through a number of evolutionary phases. It's gone from being the hot new fad, to being trite (in large part due to a deluge of marketing from those looking to cash in on the trend), to passé, and now has ultimately settled into what it probably should have always been all along: a solid, workmanlike security option with discrete, observable advantages and disadvantages that can be folded into our organization's security approach.

Zero trust, as the name implies, is a security model where all assets -- even managed endpoints that you provision and on-premise networks configured by you -- are considered hostile, untrustworthy and potentially already compromised by attackers. Instead of legacy security models that differentiate a "trusted" interior from an untrusted external one, zero trust instead assumes that all networks and hosts are equally untrustworthy.

Once you make this fundamental shift in assumptions, you start to make different decisions about what, who, and when to trust, and acceptable validation methods to confirm a request or transaction is allowed.

As a security mindset, this has advantages and disadvantages.

One advantage is that it lets you strategically apply security resources where you need them most; and it increases resistance to attacker lateral movement (since each resource needs to be broken anew should they establish a beachhead).

There are disadvantages too. For example, policy enforcement is required on every system and application, and older legacy components built with different security assumptions may not fit in well, e.g. that the internal network is trustworthy.

One of the most potentially problematic downsides has to do with validation of the security posture, i.e. in situations where the security model requires review by older, more legacy-focused organizations. The dynamic is unfortunate: those same organizations that are likely to find the model most compelling are those same organizations that, in adopting it, are likely to set themselves up for vetting challenges.