The zero-trust security architecture has been increasingly recognized in recent years.

Cloud computing has become a new driver of productivity, but it has also brought new challenges to information security. First, corporate business now runs in the cloud and may be exposed to the public Internet. Enterprise applications and data stored on a cloud platform are more vulnerable than applications and data behind the core firewall. In addition, with the emergence of internal threats such as those involving identity and permissions, network security issues in the cloud era are becoming more and more important for enterprises.

To deal with these problems, the zero-trust security architecture has been recognized by more and more people in recent years. The idea was first proposed by Forrester analyst John Kindervag in 2010. On the premise that "all network traffic is untrusted," it calls for verifying and protecting all sources, restricting and strictly enforcing access control, and inspecting and logging all network traffic. Its essence is identity-based dynamic access control: building on identity and using dynamic access control technology, it treats fine-grained applications, interfaces, and data as the core objects to protect, follows the principle of least privilege, and builds an end-to-end identity boundary.

Saifu Technology, a network security startup that I learned about a few days ago, focuses on zero-trust intelligent security services. Through a zero-trust authentication entrance, a security center and a security gateway, it provides unified connection and management of enterprise applications, cloud applications, API permissions, etc., to improve enterprise security and management efficiency. On the product side, Saifu's three main products are the Quicker Beidou Intelligent Identity Token, the IDaaS Tiangong Unified Security Control Center and the DSG Orion Business Security Agent Gateway. These three products work together to handle authentication, authorization and access control.

At present, the industry believes that the zero-trust security architecture is mainly composed of four components: a device-side security management component for verification, unified identity management for verifying users, a dynamic access control gateway that continuously evaluates and minimizes permissions, and an intelligent security brain that continuously adapts to risk and evaluates trust. Saifu's products also basically provide security services around these aspects.

Among them, the smart identity token confirms "who you are" through technical means such as device authentication, user identification and terminal security, and plays the authentication role. The role of the IDaaS unified security control center is to match information such as accounts and permissions and to perform identity authorization. The Orion Business Security Agent Gateway is connected to the business system, and its role is to add a layer of protection in front of that system. When employees, partners and customers need access, the proxy gateway interacts with the identity security control center, and the system can only be accessed after the identity is confirmed and the permissions are clear. If there is a security risk, the proxy gateway also intercepts the request and raises an alarm.
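The division of labour described above (token signals, control-center checks, gateway enforcement with interception and alarm) can be sketched as follows. This is an added example, not Saifu's code; the class names, fields and sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    token_valid: bool      # user identification result from the token
    device_healthy: bool   # terminal security posture from the token
    resource: str
    action: str

@dataclass
class ControlCenter:
    devices: dict   # user -> set of enrolled device ids
    grants: dict    # user -> set of (resource, action) pairs

    # Returns None when the request may pass, otherwise the reason it may not.
    def deny_reason(self, r):
        if not r.token_valid:
            return "user not authenticated"
        if r.device_id not in self.devices.get(r.user, set()):
            return "device not enrolled for user"
        if not r.device_healthy:
            return "device failed security check"
        # Least privilege: only an explicit grant passes; anything else is denied.
        if (r.resource, r.action) not in self.grants.get(r.user, set()):
            return "no grant for resource/action"
        return None

@dataclass
class Gateway:
    center: ControlCenter
    audit_log: list = field(default_factory=list)
    alarms: list = field(default_factory=list)

    def handle(self, r):
        # Network location is never an input: every request is checked and logged.
        reason = self.center.deny_reason(r)
        self.audit_log.append((r.user, r.device_id, r.resource, r.action, reason))
        if reason is not None:
            self.alarms.append((r.user, r.resource, reason))  # intercept and alarm
        return reason is None

# Constructed sample data, not taken from any real deployment.
CENTER = ControlCenter({"alice": {"laptop-1"}}, {"alice": {("crm", "read")}})

def demo():
    gw = Gateway(CENTER)
    reqs = [Request("alice", "laptop-1", True, True, "crm", "read"),
            Request("alice", "laptop-1", True, True, "crm", "delete"),
            Request("alice", "phone-9", True, True, "crm", "read"),
            Request("alice", "laptop-1", True, False, "crm", "read")]
    return [gw.handle(r) for r in reqs], gw.alarms
```

Only the first request passes; the other three are denied for a missing grant, an unenrolled device and a failed device check, and each denial is recorded as an alarm.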

In terms of product polishing, the company's founder Yang Dawei believes that the difficulty lies mainly in the adaptability of the product and the security of the system itself.

First, because domestic system standards are not uniform, the products need to be configurable and adapt to the different scenarios of different companies. If this is not possible, the product becomes a customized development project, which is not suitable for the growth of a startup. When faced with needs that call for customization, Saifu's approach is to extract them into product requirements and meet them through product configuration, without code modification or version customization. The second is the security of the products themselves. Saifu continuously tests and improves the system's own security by drawing on industry threat intelligence, which is also a common practice in the industry.

In terms of business model, the company currently provides local and cloud versions of the product, and the cloud SaaS version is currently free for small customers. In terms of customer selection, Saifu currently tends to serve customers such as Internet companies, which have pain points and are more receptive to new things. There are dozens of existing customers.

According to the "China Cybersecurity Industry White Paper" released by the China Academy of Information Technology in 2019, zero trust has now moved from concept to implementation, and domestic and foreign companies are addressing identity management and access control on the basis of zero trust, focusing on software-defined perimeters and micro-segmentation. For example, Google's BeyondCorp implements the zero-trust concept based on devices, users, dynamic access control, and behavior-aware policies. Specifically, all of its traffic is authenticated and authorized through a unified access proxy, which updates relevant information such as user, device, status, and historical user behavior credibility in the fingerprint database in real time, and uses a dynamic multi-round scoring mechanism to divide request sources into trust levels.

In the domestic market, there are also vendors such as Hangzhou Cloud Alliance and Qi An Xin that provide their own zero-trust solutions. Among them, Cloud Alliance's zero-trust security capability platform includes three components: a zero-trust client, a zero-trust distributed cloud gateway, and a zero-trust policy controller; its main customers are game companies. Qi An Xin mainly covers government and traditional industries. Yang Dawei believes that Saifu and traditional security companies have different market positioning. As mentioned above, Saifu is currently positioned to serve Internet customers, while the latter mainly serve vertical industries such as government, banking, energy, and healthcare. The difference in market entry has led to different approaches. The latter often require customized development, which differs from Saifu's core concept of a configurable, lightweight product.

As for the team, the company currently has more than a dozen members, most of whom are product developers. The founder, Yang Dawei, graduated from Beijing University of Posts and Telecommunications and is a senior cybersecurity practitioner. He has served in senior product and marketing management at 360, and is a senior communications engineer and Ericsson global service engineer with 10 years of product and sales management experience.