Do Not Trust, Keep Verifying... Government Establishes 'Zero Trust Guidelines'
The government has established a guideline for Zero Trust, a new security concept that emphasizes 'never trust, always verify.'
On the 9th, the Ministry of Science and ICT announced that it has created 'Zero Trust Guideline 1.0' tailored to the domestic environment. Zero Trust assumes that the network has already been compromised when there is a request to access information systems, etc.
The Ministry of Science and ICT judged that with the establishment of cloud-based remote and telecommuting environments and the acceleration of a contactless society due to COVID-19, the traditional boundary-based security model (which distinguishes between internal and external network boundaries and implicitly trusts insiders) has reached its limits, necessitating a shift to a new security model.
The Zero Trust guideline presents the basic concepts and security principles of Zero Trust, the core principles of the Zero Trust security model and access control principles, detailed procedures for establishing implementation plans, and reference models for adoption. Zero Trust security refers to enhanced authentication (including continuous authentication using multiple authentication factors beyond just ID and password), micro-segmentation (dividing servers and computing services into small units), and software-defined perimeters (creating boundaries that can separate and protect targets based on software).
Access control is one of the most important principles implementing the fundamental philosophy of Zero Trust: it is the process of deciding whether to allow access requests to protected resources.
For safe and continuous access control, the Zero Trust security model should be divided into control and data planes. When there is an access request to a resource, it should operate with a Policy Decision Point (PDP) that decides on access and a Policy Enforcement Point (PEP) that enforces the access.
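The PDP/PEP split described above, as an added Python example that is not taken from the guideline or the article. The segment names, roles, 900-second re-authentication window and field names are all assumptions made for illustration; note that the decision never consults the request's network location.

```python
from dataclasses import dataclass

# Constructed policy: which role may reach which micro-segment (hypothetical names).
SEGMENT_POLICY = {"hr-db": {"hr"}, "build-server": {"engineering"}}
MAX_AUTH_AGE_S = 900  # assumed re-authentication window for continuous authentication

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    factors: frozenset      # authentication factors presented, e.g. {"password", "otp"}
    auth_age_s: int         # seconds since the factors were last verified
    device_compliant: bool  # device posture reported by an endpoint agent
    source_net: str         # "internal" or "external"; deliberately never consulted
    segment: str            # micro-segment that holds the requested resource

def pdp_decide(req):
    """Control plane: return (allow, reason). Every request is evaluated afresh."""
    if len(req.factors) < 2:
        return False, "multiple authentication factors required"
    if req.auth_age_s > MAX_AUTH_AGE_S:
        return False, "authentication too old, re-verify"
    if not req.device_compliant:
        return False, "device not compliant"
    if req.role not in SEGMENT_POLICY.get(req.segment, set()):
        return False, "role not permitted in segment"
    return True, "ok"

class PEP:
    """Data plane: sits in front of resources and only enforces the PDP's decision."""
    def __init__(self, decide, resources):
        self._decide, self._resources, self.audit = decide, resources, []

    def handle(self, req):
        try:
            allow, reason = self._decide(req)
        except Exception:
            allow, reason = False, "PDP unavailable"  # fail closed
        self.audit.append((req.user, req.segment, allow, reason))
        return self._resources[req.segment] if allow else None

def demo():
    # Constructed requests: one valid, then single factor, stale auth, wrong segment.
    pep = PEP(pdp_decide, {"hr-db": "hr records", "build-server": "artifacts"})
    base = dict(user="kim", role="hr", factors=frozenset({"password", "otp"}),
                auth_age_s=60, device_compliant=True, source_net="external", segment="hr-db")
    cases = [base, {**base, "source_net": "internal", "factors": frozenset({"password"})},
             {**base, "auth_age_s": 3600}, {**base, "segment": "build-server"}]
    return [pep.handle(AccessRequest(**c)) is not None for c in cases], pep.audit
```

The audit list kept by the PEP records every decision with its reason, which is the data a monitoring team would review when checking that enforcement matches policy.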
Stakeholders from institutions and companies considering Zero Trust adoption need indicators to determine which elements among network and computing resources should be designed at what security level, as well as to establish related budget plans and monitor progress during the adoption period. To this end, functions at each maturity level of security are defined for six core elements (identifiers and identities, devices, networks, systems, applications and networks, and data) to provide practical information. To assist in establishing practical adoption strategies, the guideline also provides government, public institution, and corporate stakeholders with reference models: actual network models and case studies that apply the Zero Trust security model to them.
The SGA Solutions Consortium and Private Technology Consortium plan to implement the Zero Trust security model in various environments such as telecommunications, finance, and public sectors by December. They will apply a verification model composed of attack scenarios by white-hat hackers to verify the security effectiveness before and after Zero Trust adoption.
Park Yoon-kyu, the 2nd Vice Minister of the Ministry of Science and ICT, said, "As networks expand into citizens' daily lives and various industrial sectors, the security system must transition during this paradigm shift, and we need to find alternatives suitable for this situation." He added, "We will continuously supplement and enhance the Zero Trust guideline to provide practical help to government, public institutions, and companies, and support the spread of the Zero Trust security model into various fields through demonstration projects."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.