28 lines
1023 B
Markdown
---
id: Zero-Trust
title: "Zero Trust"
type: concept
tags: [security, cloud, framework]
sources: []
last_updated: 2026-04-15
---

## Definition

The Zero Trust security model is a security framework whose core principle is "never trust, always verify": it does not assume that any request originating inside the network perimeter is safe, and it requires every access to be authenticated and authorized.

## Core Principles

- Never trust implicitly: every request is verified, whether it originates on the internal network or from outside
- Least privilege: grant only the minimum permissions needed to complete the task
- Continuous verification: dynamically evaluate the access context (device state, location, behaviour) on every access
- Micro-segmented network: limit lateral movement even if the perimeter is breached

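The first three principles can be made concrete as a small policy decision point. The following is an added example written for this note, not code from any product or framework; the role table, the one-hour MFA freshness window, the 30-day patch limit and the sample users and devices are all constructed assumptions. Micro-segmentation is a network-layer control and is not modelled here.

```python
"""Minimal Zero Trust policy decision point (added example, not from the note).

Every request is evaluated on its own merits: identity freshness, device
posture and an explicit least-privilege grant. The source network is carried
in the request but deliberately plays no part in the decision.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, Optional, Set, Tuple


@dataclass
class Principal:
    user: str
    roles: FrozenSet[str]
    mfa_verified_at: Optional[datetime]  # when MFA was last completed, None if never


@dataclass
class Device:
    device_id: str
    managed: bool            # enrolled in device management
    disk_encrypted: bool
    os_patch_age_days: int   # days since the last OS patch


@dataclass
class AccessRequest:
    principal: Principal
    device: Device
    resource: str        # e.g. "billing-db" (assumed name)
    action: str          # e.g. "read" / "write"
    source_network: str  # "corp-lan", "vpn", "internet": recorded, never trusted
    now: datetime


# Least privilege: each role maps to the minimum set of (resource, action) pairs.
# Constructed example roles; a real deployment would load these from policy.
ROLE_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "analyst": {("billing-db", "read")},
    "billing-admin": {("billing-db", "read"), ("billing-db", "write")},
}

MFA_MAX_AGE = timedelta(hours=1)   # assumed freshness window
MAX_PATCH_AGE_DAYS = 30            # assumed posture threshold


def evaluate(req: AccessRequest) -> Tuple[bool, str]:
    """Return (allowed, reason). Any failed check denies the request."""
    # 1. Never trust implicitly: req.source_network is intentionally unused,
    #    so "corp-lan" earns exactly as much trust as "internet".
    # 2. Continuous verification of identity: MFA must be recent on every call,
    #    not just at login.
    p = req.principal
    if p.mfa_verified_at is None or req.now - p.mfa_verified_at > MFA_MAX_AGE:
        return False, "mfa-stale"
    # 3. Continuous verification of device posture.
    d = req.device
    if not (d.managed and d.disk_encrypted) or d.os_patch_age_days > MAX_PATCH_AGE_DAYS:
        return False, "device-posture"
    # 4. Least privilege: the action must be explicitly granted by some role.
    granted: Set[Tuple[str, str]] = set().union(
        *(ROLE_PERMISSIONS.get(r, set()) for r in p.roles)
    )
    if (req.resource, req.action) not in granted:
        return False, "not-authorized"
    return True, "ok"


def sample_requests() -> Dict[str, AccessRequest]:
    """Constructed sample requests covering the main deny paths."""
    now = datetime(2026, 4, 15, 12, 0, tzinfo=timezone.utc)
    analyst = Principal("alice", frozenset({"analyst"}), now - timedelta(minutes=10))
    admin_stale = Principal("bob", frozenset({"billing-admin"}), now - timedelta(hours=3))
    managed = Device("lap-1", managed=True, disk_encrypted=True, os_patch_age_days=5)
    byod = Device("phone-9", managed=False, disk_encrypted=True, os_patch_age_days=5)
    return {
        # allowed: location is irrelevant when identity, device and grant all check out
        "analyst_read_from_internet": AccessRequest(analyst, managed, "billing-db", "read", "internet", now),
        # denied: being on the corporate LAN does not widen the grant
        "analyst_write_from_lan": AccessRequest(analyst, managed, "billing-db", "write", "corp-lan", now),
        # denied: admin role, but MFA is older than the freshness window
        "admin_stale_mfa": AccessRequest(admin_stale, managed, "billing-db", "write", "corp-lan", now),
        # denied: unmanaged device fails posture even though the grant exists
        "analyst_byod": AccessRequest(analyst, byod, "billing-db", "read", "vpn", now),
    }


def decide_all() -> Dict[str, Tuple[bool, str]]:
    return {name: evaluate(r) for name, r in sample_requests().items()}


if __name__ == "__main__":
    for name, decision in decide_all().items():
        print(f"{name:28s} -> {decision}")
```

The order of the checks is not security-relevant: every check must pass, so a request that fails several of them is denied regardless of which reason is reported first. What matters is that none of the checks can be skipped based on where the request came from.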
## Cloud Implementation

- AWS: IAM + Security Hub + GuardDuty
- Azure: Azure AD + Microsoft Defender + Sentinel
- GCP: Google IAM + Security Command Center

## Related Concepts

- [[Cloud Operating Model]]: Zero Trust is the core of the COM security pillar
- [[DevSecOps]]: Zero Trust is embedded into the DevOps process
- [[Multi-Cloud Governance]]: Zero Trust is implemented uniformly across clouds