Chinese, Simplified
category
由于您的组织可能已经具备零信任保护的要素,因此本文档集提供了概念信息,以帮助您开始使用,并提供了端到端遵守零信任原则的部署计划和实施建议。每篇文章都是部署目标的清单,包括步骤和更多信息的链接。
通过在七个技术支柱中实施零信任控制和技术,您可以在整个IT基础设施中部署零信任原则。其中六个支柱是信号源、执法控制平面和需要防御的关键资源。在这些方面,有一个支柱负责收集这些信号,为安全事件提供可见性,并为应对和减轻网络安全威胁提供自动化和编排。
Zero Trust中可见性、自动化和编排元素的示意图。
以下文章提供了这七个技术支柱的概念信息和部署目标。使用这些文章来评估您的准备情况,并制定应用零信任原则的部署计划。
| Technology pillar | Description |
|---|---|
|
身份——无论是代表人、服务还是物联网设备——定义了零信任控制平面。当一个身份试图访问资源时,请使用强身份验证来验证该身份,并确保该身份的访问是合规的和典型的。遵循最小权限访问原则。 |
|
一旦身份被授予访问资源的权限,数据就可以流向各种不同的端点(设备),从物联网设备到智能手机,从BYOD到合作伙伴管理的设备,从本地工作负载到云托管服务器。这种多样性创造了一个巨大的攻击面。监控和执行设备健康状况和合规性,以实现安全访问。 |
|
[最终,安全团队正在保护数据。在可能的情况下,即使数据离开组织控制的设备、应用程序、基础设施和网络,也应保持安全。对数据进行分类、标记和加密,并根据这些属性限制访问。 |
|
应用程序和API提供了使用数据的接口。它们可能是遗留的本地工作负载、提升并转移到云工作负载或现代SaaS应用程序。应用控制和技术来发现影子IT,确保适当的应用内权限,基于实时分析来控制访问,监控异常行为,控制用户操作,并验证安全配置选项。 |
|
基础设施——无论是本地服务器、基于云的虚拟机、容器还是微服务——都是一个关键的威胁载体。评估版本、配置和JIT访问,以加强防御。使用遥测技术检测攻击和异常,自动阻止和标记危险行为并采取保护措施。 |
|
所有数据最终都是通过网络基础设施访问的。网络控制可以提供关键控制,以提高可见性,并帮助防止攻击者在网络中横向移动。对网络进行分段(并进行更深入的网络细分),并部署实时威胁防护、端到端加密、监控和分析。 |
|
在我们的零信任指南中,我们定义了跨身份、端点(设备)、数据、应用程序、基础设施和网络实施端到端零信任方法的方法。这些活动提高了您的可见性,为您做出信任决策提供了更好的数据。随着每个单独的领域都产生自己的相关警报,我们需要一个集成的能力来管理由此产生的数据流入,以更好地防御威胁并验证交易中的信任。 |
Recommended training
| Training | Establish the guiding principles and core components of Zero Trust |
|---|---|
 |
Use this learning path to understand the basics of applying Zero Trust principles to the key technology pillars of identities, endpoints, application access, networks, infrastructure, and data. |
Additional Zero Trust resources
Use these additional Zero Trust resources based on a documentation set or roles in your organization.
Documentation set
Follow this table for the best Zero Trust documentation sets for your needs.
| Documentation set | Helps you... | Roles |
|---|---|---|
| Adoption framework for phase and step guidance for key business solutions and outcomes | Apply Zero Trust protections from the C-suite to the IT implementation. | Security architects, IT teams, and project managers |
| Zero Trust for small businesses | Apply Zero Trust principles to small business customers. | Customers and partners working with Microsoft 365 for business |
| Zero Trust Rapid Modernization Plan (RaMP) for project management guidance and checklists for easy wins | Quickly implement key layers of Zero Trust protection. | Security architects and IT implementers |
| Zero Trust deployment plan with Microsoft 365 for stepped and detailed design and deployment guidance | Apply Zero Trust protections to your Microsoft 365 tenant. | IT teams and security staff |
| Zero Trust for Microsoft Copilots for stepped and detailed design and deployment guidance | Apply Zero Trust protections to Microsoft Copilots. | IT teams and security staff |
| Zero Trust for Azure services for stepped and detailed design and deployment guidance | Apply Zero Trust protections to Azure workloads and services. | IT teams and security staff |
| Partner integration with Zero Trust for design guidance for technology areas and specializations | Apply Zero Trust protections to partner Microsoft cloud solutions. | Partner developers, IT teams, and security staff |
| Develop using Zero Trust principles for application development design guidance and best practices | Apply Zero Trust protections to your application. | Application developers |
Your role
Follow this table for the best documentation sets for the roles in your organization.
| Role | Documentation set | Helps you... |
|---|---|---|
| Security architect IT project manager IT implementer |
Adoption framework for phase and step guidance for key business solutions and outcomes | Apply Zero Trust protections from the C-suite to the IT implementation. |
| Customer or partner for Microsoft 365 for business | Zero Trust for small businesses | Apply Zero Trust principles to small business customers. |
| Security architect IT implementer |
Zero Trust Rapid Modernization Plan (RaMP) for project management guidance and checklists for easy wins | Quickly implement key layers of Zero Trust protection. |
| Member of an IT or security team for Microsoft 365 | Zero Trust deployment plan with Microsoft 365 for stepped and detailed design and deployment guidance for Microsoft 365 | Apply Zero Trust protections to your Microsoft 365 tenant. |
| Member of an IT or security team for Microsoft Copilots | Zero Trust for Microsoft Copilots for stepped and detailed design and deployment guidance | Apply Zero Trust protections to Microsoft Copilots. |
| Member of an IT or security team for Azure services | Zero Trust for Azure services for stepped and detailed design and deployment guidance | Apply Zero Trust protections to Azure workloads and services. |
| Partner developer or member of an IT or security team | Partner integration with Zero Trust for design guidance for technology areas and specializations | Apply Zero Trust protections to partner Microsoft cloud solutions. |
| Application developer | Develop using Zero Trust principles for application development design guidance and best practices | Apply Zero Trust protections to your application. |
- 登录 发表评论
- 4 次浏览
发布日期
星期四, 七月 25, 2024 - 16:08
最后修改
星期四, 七月 25, 2024 - 16:08
Article
最新内容
- 17 hours ago
- 19 hours ago
- 19 hours 51 minutes ago
- 3 days 10 hours ago
- 3 days 18 hours ago
- 3 days 18 hours ago
- 3 days 19 hours ago
- 3 days 19 hours ago
- 1 week 1 day ago
- 1 week 1 day ago