Mobile cloud desktop case: why is the zero trust architecture favored by the operator industry?
The network security situation is becoming increasingly severe, and telecom operators, as the basic telecom business operators, are facing increasing pressure. Operators rely on traditional access control and similar systems to build basic access protection capabilities for network security. However, in the face of increasingly complex network security challenges, traditional solutions can no longer solve the access and protection challenges that operators face. How to ensure business security has become a long-term problem for operators.
The internal systems of the three major operators can be roughly divided into office systems (such as OA and email), production systems (such as business acceptance and CRM), and operation and maintenance systems (such as the work order system and network element operation and maintenance management). There are two ways to access these systems: Internet access and DCN network access. Access users include internal office personnel, network management operation and maintenance personnel, agents, third-party resident personnel and other roles. Access terminals involve a variety of terminal types and operating systems.
With users in different roles, different access methods, different business systems, and different terminal types all interwoven, secure access and protection become the main challenges for operators in security construction:
Large exposed surface of the system
On the one hand, many businesses are accessed through the Internet and face intrusion risks such as malicious scanning, vulnerability probing, and brute-forcing of weak passwords.
On the other hand, the application system accessed through the operator's DCN network contains a large amount of internal sensitive data (B domain, O domain, M domain, etc.), which is directly exposed to all internal and even external network users, increasing the attack surface and data exposure. Once attacked, the consequences will be difficult to estimate.
Outstanding terminal security problems
As mentioned above, when user terminals reach internal systems through Internet access, the user roles involved are complex, and the business systems involved are also complex and diverse. In addition, the security status of the terminal itself is uncontrollable, so it can very easily become an attack target and thereby threaten the internal network.
Difficulty in access rights management
User roles are diverse, the number of data centers is gradually increasing, and access to multi cloud and multi data center environments has become the norm. How to achieve unified authority management in a multi role, multi cloud and multi data center environment has become another challenge for the informatization construction of operators.
As advanced threats continue to grow, permission management must be integrated into the dynamic access process of the business. That is, it must apply automated, fine-grained dynamic permission control to abnormal access behavior in order to deal with the risk of illegal access, resolve the data security risks caused by account sharing, and effectively detect and handle weak passwords.
To sum up, the biggest problem facing operators is how to ensure the safe access and protection of business.
Why is the zero trust architecture favored by the operator industry?
This is where the zero trust concept of "never trust, always verify" has attracted the attention of operators.
In the operator industry, deploying a zero trust architecture makes it possible to establish a unified security access protection system for all terminals. Through SDP (software-defined perimeter), it meets the unified security access requirements for PCs, mobile terminals, etc. after the "cloud to digital conversion", while significantly reducing system exposure, supporting defense in depth and data security, filling the weak points in security construction, providing the ability to handle grayscale traffic, and meeting the demand for network security in important periods.
At the same time, the zero trust architecture is more in line with the needs of operators for simultaneous access to multiple clouds, meets the cloud trend, and realizes the nearby access of large concurrent users in a multi cloud environment.
See how the operator industry implements zero trust from three typical cases
Unified security access construction of multiple data centers of an operator group
An operator group saw a large increase in secure access needs, driven by the business and intensive construction needs of B domain systems in all provinces of the country, and therefore needed unified security management and control of access personnel.
To address these problems, the operator group adopted the mobile cloud zero trust solution. By deploying the zero trust access control system aTrust in a distributed manner across a multi cloud environment, it publishes the B domain system securely, which effectively shrinks system exposure, achieves unified security access control for users, and breaks the resource bottleneck with an elastic expansion mechanism to achieve high concurrency. This solves the unified security management and control problem of multi data center cross domain deployment, comprehensively improves system access security, and ultimately provides security protection for tens of thousands of people in the group while supporting 15000 concurrent accesses.
Unified security access construction of a provincial operator terminal
A provincial operator has put hundreds of office and business systems online during its informatization construction, and has built a mobile office platform on the mobile side, centered on a portal app that integrates many business apps. It carries the daily office and operation and maintenance business of tens of thousands of employees, and business exposure risk and terminal security risk have become the main threats.
In order to effectively reduce business exposure, the operator adopted the Mobile Cloud zero trust solution. Using full terminal security sandbox technology based on zero trust, it builds a unified terminal security capability for mobile terminals and traditional PC terminals, hides business exposure, achieves unified security access for 3W multi terminals throughout the province, meets security guarantee requirements during attack and defense drills/re-protection, effectively traces the source of access, and locates attacks.
Security construction of operation and maintenance system authority of a provincial operator
A provincial operator covers 200 networks and application operation and maintenance systems, including the network management system, office system, and business background management system, with more than 6000 operation and maintenance personnel. A large number of business systems need to be accessed through the intranet and extranet, and permission management has become the biggest problem.
In order to minimize user access management, the operator adopted the Mobile Cloud zero trust scheme, which hides the operation and maintenance system behind the zero trust gateway, interfaces with the existing network 4A system, identifies access traffic, and applies dynamic control of access permissions based on the terminal environment and access behavior.
Why do major operators choose Mobile Cloud to implement zero trust?
As one of the first enterprises in China to explore zero trust applications, Mobile Cloud has held a leading position in the SSL VPN market for more than ten years and has a very profound understanding and accumulation of business access scenarios. Drawing on the security practice experience and security capability brought by its own security product system, Mobile Cloud put forward the zero trust architecture concept of "identity centric, trusted access, intelligent permissions, and minimal operation and maintenance".
Based on this concept, Mobile Cloud launched the aTrust products and solutions, a zero trust access control system based on the SDP architecture. Through core capabilities such as new generation network stealth, dynamic adaptive authentication, full cycle terminal environment detection, dynamic business access, dynamic access control, and multi-source trust evaluation, it helps operators transform to a new generation network security architecture with traffic identification, intelligent permissions, dynamic access control, and extremely simplified operation and maintenance management.

▲ Mobile Cloud Zero trust overall architecture
According to Guo Bingliang, General Manager of the Mobile Cloud Zero Trust Product Line, Mobile Cloud has taken its own security as an underlying design and development element in launching a new zero trust security architecture scheme, whose core component is also named aTrust. In addition to its business security protection capability, its own security has also been verified by internal and external gatekeepers. Taking the operator industry alone as an example, it has gone through multiple rounds of actual in-depth penetration verification at multiple users. A deep understanding of both business security and self security is also one of the key factors behind the recognition of Mobile Cloud zero trust by operators' customers.
It is this profound understanding and practice of both security and business that has allowed Mobile Cloud zero trust to be successfully implemented at many operators.
At present, Mobile Cloud zero trust has been implemented in finance, operators, Internet enterprises, large-scale manufacturing, education, government research, enterprises and institutions, and its advantages of being lightweight, easy to implement, and able to grow sustainably have been recognized by more and more users.
With the acceleration of the cloud-based and midrange transformation of operators' business support systems, operators' security construction is extending from traditional border defense to cloud-based security and terminal security, and from network security to data security and application security.
In this regard, based on years of experience in the operator industry and a close reading of industry development trends, Mobile Cloud proposed the security construction idea of "trusted access, three-dimensional protection, network awareness, centralized management and control" to help operators build a new generation of security architecture and ensure the informatization development of operators.