Zero Trust Architecture: best practices for managing information security risks.
Keywords:
Architecture, Zero trust, Network security, Enterprises, Risk managementAbstract
This article discusses the ZTA model, whose approach consists of zero trust, regarding information security risk management. The bibliographic review allows the dissemination of the concept, and a detailed understanding of the principles and composition of the Zero Trust Architecture. Accompanied by the analysis of good practices currently found, the advantages and benefits of its implementation are highlighted, and difficulties are still presented, since the acceptance of a new paradigm by managers, to the mobilization for the introduction of a new culture and strategy, without neglecting the investment necessary to put this model into practice. At the end of the work, considerations about future challenges and some suggestions, after all the model does not close in itself, it is adapted and adaptable to the needs and particularities of each corporation, in terms of access to data, requiring continuous improvement of its structure and processes.
References
ARRUDA, L. G. S. de; GIOZZA, W. F.; NZE, G. D. A.; NUNES, R. R. Implementação da Arquitetura Zero Trust: uma revisão sistemática de literatura. In: Revista Ibérica de Sistemas e Tecnologias de Informação. Publicado em junho de 2023. Disponível em:
https://ppee.unb.br/wp-content/uploads/2023/07/Comprovante_de_publicacao-3-1.pdf
Acesso em: 07 de setembro 2023.
FORTINET. Fortinet relata que a América Latina foi alvo de mais de 360 bilhões de tentativas de ataques cibernéticos em 2022. Publicado em fevereiro de 2023. Disponível em: https://www.fortinet.com/br/corporate/about-us/newsroom/press-releases/2023/fortiguard-labs-reports-destructive-wiper-malware-increases-over-50-percent. Acesso em: 07 de outubro 2023.
GIL, A. C. Métodos e técnicas de pesquisa social. São Paulo: Atlas,1999.
GOODEN, G. AWS perspective guidance: embracing zero trust: a strategy for secure and agile business transformation. Amazon Web Services Inc., 2023. Disponível em: https://docs.aws.amazon.com/pdfs/prescriptive-guidance/latest/strategy-zero-trust-architecture/strategy-zero-trust-architecture.pdf. Acesso em: 01 de outubro 2023
GOOGLE. BeyondCorp Enterprise. Google, 2022. Disponível em: https://cloud.google.com/beyondcorp-enterprise?hl=pt-br. Acesso em: 03 de outubro 2023.
_________. Implementing zero trust security with chrome enterprise and beyondcorp enterprise. Disponível em: https://services.google.com/fh/files/misc/chrome_enterprise_and_beyondcorp_enterprise_technical_paper.pdf. Acesso em: 04 de outubro 2023.
MALHOTRA, N. Pesquisa de marketing. Porto Alegre: Bookman, 2001.
MARCONI, M.A.; LAKATOS. E.M. Fundamentos da metodologia científica. São Paulo: Atlas, 2003.
MICROSOFT. Envolving zero trust: how real-world deployments and attacks are shaping the future of zero trust strategies. Microsoft Co., 2021. Disponível em: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWJJdT. Acesso em: 05 de outubro 2023.
PECK, J.; Beyer, B.; BESKE, C.; SALTONSTALL, M. Migrating to BeyondCorp: maintaining productivity while improving security. In: Login, vol. 42, nº 2, 2017. Disponível em https://www.usenix.org/publications/login/summer2017/peck. Acesso em: 04 de outubro 2023.
ROSE, S., BORCHERT, O., MITCHELL, S., & CONNELLY, S. Zero Trust Architecture. In: Encyclopedia of Cryptography, Security and Privacy. Springer Berlin Heidelberg: Stafford, 2020. Disponível em: https://doi.org/10.6028/NIST.SP.800-207. Acesso em: 14 de setembro 2023.
SEQUEIRA, J. O paradoxo do Zero Trust: porque 60% das empresas têm dificuldades em maximizar os seus benefícios. Publicado em 24 de fevereiro de 2023. Disponível em: https://www.computerworld.com.pt/2023/02/24/o-paradoxo-do-zero-trust-porque-60-das-empresas-tem-dificuldades-em-maximizar-os-seus-beneficios. Acesso em: 08 de outubro 2023.
TEERAKANOK, S.; UEHARA, T.; INOMATA, A. Migrating to zero trust achitecture: reviews and challenges. Volume 2021. Hindawi, 2021. Disponível em: https://doi.org/10.1155/2021/9947347. Acesso em: 03 de outubro 2023.
WARD, R; BEYER, B. BeyondCorp: a new approach to enterprise security. In: Login, vol 39, nº 6. Publicado em dezembro 2014. Disponível em: https://www.usenix.org/system/files/login/issues/login_dec14_online.pdf. Acesso em: 07 de outubro 2023.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Portugues
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
A Revista Brasileira em Tecnologia da Informação utiliza a licença do Creative Commons (CC), preservando assim, a integridade dos artigos em ambiente de acesso aberto.
