Exploring Effective Zero Trust Architecture for Defense Cybersecurity: A Study

• Youngho Kim,
• Seon-Gyoung Sohn,
• Kyeong Tae Kim,
• Hae Sook Jeon,
• Sang-Min Lee,
• Yunkyung Lee,
• Jeongnyeo Kim,

Vol. 18, No. 9, September 30, 2024
10.3837/tiis.2024.09.011, Download Paper (Free):

• access control
• cybersecurity
• Defense
• segmentation
• Zero Trust Architecture

Abstract

The philosophy of Zero Trust in cybersecurity lies in the notion that nothing assumes to be trustworthy by default. This drives defense organizations to modernize their cybersecurity architecture through integrating with the zero-trust principles. The enhanced architecture is expected to shift protection strategy from static and perimeter-centric protection to dynamic and proactive measures depending on the logical contexts of users, assets, and infrastructure. Given the domain context of defense environment, we aim three challenge problems to tackle and identify four technical approaches by the security capabilities defined in the Zero Trust Architecture. First approach, dynamic access control manages visibility and accessibility to resources or services with Multi Factor Authentication and Software Defined Perimeter. Logical network separation approach divides networks on a functional basis by using Software Defined Network and Micro segmentation. Data-driven analysis approach enables machine-aided judgement by utilizing Artificial Intelligence, User and Entity Behavior Analytics. Lastly, Security Awareness approach observes fluid security context of all resources through Continuous Monitoring and Visualization. Based on these approaches, a comprehensive study of modern technologies is presented to materialize the concept that each approach intends to achieve. We expect this study to provide a guidance for defense organizations to take a step on the implementation of their own zero-trust architecture.

Statistics

Cite this article