What is role-based access security?
Role-based access security provides a user or device on the network with the least amount of access to corporate resources to do its job, according to its defined role.
Role-based access security is key to adopting Zero Trust network access. Zero Trust is a security model in which no device, user, or network segment is inherently trustworthy, so each should be treated as a potential threat.
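Why adopt role-based access security?
New business models, such as hybrid work, are driving the need for efficiency. At the same time, the proliferation of IoT (or unknown) devices on enterprise networks is increasing vulnerability. To meet the security requirements of decentralized, IoT-driven networks, IT teams need solutions that provide more visibility, control, and enforcement than older approaches, such as perimeter-based security, typically provide.
Role-based policies simplify the adoption of Zero Trust and SASE security frameworks. Policies can be defined across wired and wireless networks, regardless of geographic location or point of connection to the network. The appropriate policies can travel across the enterprise, consistently following users and devices from campus to branch to home office.
How does role-based access security work?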
Role-based access security starts with roles. A role is a logical grouping of clients with common permissions that include application access rights and inter-user or device communication. Roles are built on the Zero Trust Enforcement Model, where users and devices are denied access to other devices and applications by default unless explicitly given permissions. Role-based policies enable businesses to translate security intent to network designs, abstracting the underlying complexities of the network. Those policies are then enforced throughout the network, by either allowing or blocking access.
What are role-based policies?
Role-based policies are a new way to define security policies. Traditionally, location-/network-specific constructs such as IP addresses or subnets defined security policies, but this can lead to complexity and inflexibility in the network due to the lack of client mobility brought about by these segmentation requirements. IT teams also miss the opportunity for automation as they have to pre-provision the network based on these VLANs and subnet constructs.
Role-based policies allow access policies to be abstracted from the underlying network infrastructure by assigning identity-based roles to endpoints and users. These identities are derived either by authenticating against an identity store (such as Active Directory) or by profiling how these endpoints behave through Client Insights.
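The contrast drawn above between subnet-based and role-based policy, together with the default-deny role model from the previous section, as an added Python example; it is not code from this page or from any vendor. Every role name, identity, subnet and rule in it is constructed for illustration.

```python
# Added illustration; all roles, identities, subnets and rules are constructed.
import ipaddress

# Legacy model: access keyed on where the client sits (subnet).
SUBNET_ALLOW = [
    (ipaddress.ip_network("10.1.20.0/24"), "app:hr-portal", 443),
]

# Role model: a role is derived from identity (identity store or profiling),
# and rules name roles and destinations only.
IDENTITY_ROLES = {
    "alice@example.com": "employee",
    "device:badge-reader-12": "iot-badge-reader",
}
ROLE_ALLOW = {
    ("employee", "app:hr-portal", 443),
    ("employee", "role:printer", 9100),
    ("iot-badge-reader", "app:door-controller", 8443),
}

def subnet_decision(src_ip, dest, port):
    """Permit if the source address falls in a subnet with a matching rule."""
    addr = ipaddress.ip_address(src_ip)
    for net, rule_dest, rule_port in SUBNET_ALLOW:
        if addr in net and (dest, port) == (rule_dest, rule_port):
            return "permit"
    return "deny"

def role_decision(identity, dest, port):
    """Default deny: unknown identities get no role, so no rule can match."""
    role = IDENTITY_ROLES.get(identity)
    if role is not None and (role, dest, port) in ROLE_ALLOW:
        return "permit"
    return "deny"

def compare(flows):
    """Return (identity, src_ip, subnet verdict, role verdict) per flow."""
    return [(i, ip, subnet_decision(ip, d, p), role_decision(i, d, p))
            for i, ip, d, p in flows]

# Constructed flows: same user on campus and at home, an IoT device that
# landed in the employee subnet, and a device that was never profiled.
FLOWS = [
    ("alice@example.com", "10.1.20.5", "app:hr-portal", 443),
    ("alice@example.com", "192.168.1.44", "app:hr-portal", 443),
    ("device:badge-reader-12", "10.1.20.77", "app:hr-portal", 443),
    ("device:unknown-cam", "10.1.20.78", "app:door-controller", 8443),
]

if __name__ == "__main__":
    for row in compare(FLOWS):
        print(*row)
```

The second and third flows are where the two models diverge: the subnet rule loses the user when she moves and over-permits the IoT device that shares her subnet, while the role rule follows the identity in both cases.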
Is role-based access security the same as micro-segmentation?
Micro-segmentation refers to limiting network access according to Zero Trust security principles. Micro-segmentation is similar to role-based access security in that entities are untrusted by default and least access is granted according to an entity’s function. However, micro-segmentation commonly relates to limiting network access for workloads in a data center. Role-based access security — which relates to users and devices frequently found in campuses and branches — complements micro-segmentation in non-data center enterprise networks.
What are the benefits of role-based access security?
Role-based access security offers several advantages over manual, VLAN-based methods of limiting access to resources, including:
- Simplified network design and operations, as role-based policies are abstracted from underlying network infrastructure
- More consistent protection, as role-based policies are enforced the same way throughout the network, without manual configuration requirements
- Easier network and security operations, as the network no longer needs to be segmented using traditional network constructs such as VLANs
- Faster user and device onboarding because IT administrators don’t have to pre-provision the network
- Enhanced agility while supporting the dynamic requirements of the business, as roles and policies can be defined and modified according to desired business outcome