1. The use of Zero Trust model for cloud security assessment
- Author
-
Živković, Anastazija and Grgić, Krešimir
- Subjects
oblak ,procjena ,assessment ,questionnaire method ,security ,NIST ,sigurnost u oblaku ,ISO ,cloud ,PaaS ,metoda upitnika ,savjetništvo ,TECHNICAL SCIENCES. Electrical Engineering. Telecommunications and Informatics ,sigurnosni okviri ,IaaS ,sigurnost ,TEHNIČKE ZNANOSTI. Elektrotehnika. Telekomunikacije i informatika ,sigurnosna rješenja ,cloud security ,SaaS ,security frameworks ,consulting ,network ,security solutions ,mreža ,Zero Trust - Abstract
Zero Trust je koncept koji je zasnovan na motu never trust, always verify. Upravo ova rečenica označava kako se Zero Trust princip koristi pri svakoj od komponenti oblaka za provjeru aplikacija, usluga, uređaja, podataka i mreže. Na taj način moguće je zaštititi sve dijelove oblaka i informacije pohranjene u oblaku. U Zero Trust modelu mijenja se dosadašnje poimanje sigurnosti računalstva u oblaku te se smatra kako se napadač mrežom može kretati lateralno. Upravo zato je potrebno stalno iznova provjeravati prava dodijeljena svakoj komponenti oblaka, koristeći autentifikaciju, verifikaciju i autorizaciju. Zero Trust is a concept whose motto is never trust, always verify. This sentence proves that Zero Trust principle has been used for every component of cloud, to check applications, services, devices, data and network. In this way it is possible to protect every cloud component, including information which is stored in cloud. Zero Trust model changes former understanding of cloud security and it considers that malicious attacker's lateral movement through the network is possible. This is the reason why it is necessary to circurarly check dedicated rights for every system component, by using authentication, verification and authorization.
- Published
- 2022