• Convergence Security Journal
• /
• v.23 no.3
• /
• pp.3-11
• /
• 2023

Zero Trust, characterized by the principle of "Never Trust, Always Verify," represents a novel security paradigm. The proliferation of remote work and the widespread use of cloud services have led to the establishment of Work From Anywhere (WFA) environments, where access to corporate systems is possible from any location. In such environments, the boundaries between internal and external networks have become increasingly ambiguous, rendering traditional perimeter security models inadequate to address the complex and diverse nature of cyber threats and attacks. This research paper introduces the implementation principles of Zero Trust and focuses on the Micro Segmentation approach, highlighting its relevance in mitigating the limitations of perimeter security. By leveraging the risk management framework provided by the National Institute of Standards and Technology (NIST), this paper proposes a comprehensive procedure for the adoption of Zero Trust. The aim is to empower organizations to enhance their security strategies.

• Smart Media Journal
• /
• v.12 no.9
• /
• pp.60-71
• /
• 2023

A microservice architecture that accommodates the heterogeneity of various development environments and enables flexible maintenance can secure business agility to manage services in line with rapidly changing requirements. Due to the nature of MSA, where communication between microservices within a service is frequent, the boundary security that has been used in the past is not sufficient in terms of security, and a Zerotrust system is required. In addition, as the size of microservices increases, definition of access control policies according to the API format of each service is required, and difficulties in policy management increase, such as unnecessary governance overhead in the process of redistributing services. In this paper, we propose a microservice architecture that centrally manages policies by separating access control decision and enforcement with a general-purpose policy engine called OPA (Open Policy Agent) for collective and flexible policy management in Zerotrust security-applied environments.