MODEL OF IMPLEMENTATION OF MANAGEMENT OF ACCESS TO INFORMATION ASSETS IN THE CONCEPT OF ZERO TRUST
DOI:
https://doi.org/10.17721/ISTS.2024.7.39-44Keywords:
zero Trust, multifactor authentication, single Sign-On, security Policies, fast IDentity OnlineAbstract
Background. Controlling access to information assets is one of the key functions of information security. This task in one form or another must be solved both as a whole at the level of the entire information technology (IT) infrastructure of a company or organization, and in each local information system. Methods. Methods on existing approaches, the article develops a model for providing access to information assets, which allows implementing access control processes in a distributed IT infrastructure. A special feature of the model is an algorithm for dynamically determining the necessary security policies, taking into account the access of users with different privileges. Results. The model takes into account remote access at several conventional "levels" – access of the organization's clients, organization employees, as well as partners and contractors. Since modern information infrastructures of organizations have become complex and distributed, the model assumes the presence of a significant number of access points, including automated workstations in the infrastructure, remote automated workstations, various user and mobile access devices, as well as specific devices, such as effective access control should ensure centralized access of all users to information assets. Conclusions. The model provides for the implementation of a single access point, built on the basis of access models from the zero trust concept, for users and for "robots" – technical accounts used for inter-system interaction. The results of the study will make it possible to develop an architecture for remote user access to distributed information assets and organize access control and management processes based on dynamic determination of the level of trust in access subjects, which generally increases the security of organizations.Downloads
References
Cai, R., & Zhang, X. (2019). Zero Trust Based Identity Security Solution. Information Technology & Standardization, 9, 46–49.
Chapman, G., & Chapman, J. (2021). Zero Trust Security: An Enterprise Guide. Springer.
Columbus, L. (2022). How zero trust can help battle identities under siege. VentureBeat. https://venturebeat.com/security/how-zero-trust-can-help-battleidentities-under-siege/.
Lambert, M., Surhone, M., Tennoe, M., & Henssonow, S. (2023). NIST Enterprise Architecture Model. What is a Zero Trust Architecture. Palo Alto (2023). https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trustarchitecture.
Liu, Z. (2018). Discussion on the construction of network information security system for digital transformation enterprises under the new normal. Cyberspace Security, 9(11), 80–87.
NIST CSWP 20 (2022). Planning for a Zero Trust Architecture. A Planning Guide for Federal Administrators. p. 14.
Zeng, H. (2020). Discussion on Network Security Model and Zero-trust Practice. Computer Products and Circulation, 7, 48.
Zuo, Y. (2018). Zero-trust architecture: a new paradigm for network security. Financial Computerizing, 11, 50–51.
