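"AWS Zero Trust Architect [duplicate].pdf" was shared by a member and can be read online. For more material related to "AWS Zero Trust Architect [duplicate].pdf" (27 pages), search on 三个皮匠报告.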
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

ARC329-R
Architect for Zero Trust in AWS
Pratima Singh, Sr. Solutions Architect, AWS
He/H
Nishant Dhiman, Sr. Solutions Architect, AWS
He/H

The status quo
Networking
Identity
Internet-Facing Controls
Monitoring & Enforcement
Egress Controls
Service Access Controls
Private Connection Controls
Access Pattern Controls
Organization-wide Identity Governance
Authorization Controls
Principal Authentication
Privilege Management

Zero Trust defined
A conceptual security model and associated set of mechanisms that focus on providing security controls around digital assets that do not solely or fundamentally depend on traditional network controls or network perimeters

What's driving Zero Trust
Evolving workforce landscape
Shifting regulatory requirements
Need for more precise access controls

Guiding Principles for Zero Trust
01 Avoid a binary choice
02 Work backwards from your use cases
03 One size doesn't fit all

Avoid Binary Choice
Guiding principle #1
Identity-centric
Network-centric
OR
VPC
Security group
AuthN/AuthZ
AND

Work Backwards
Guiding principle #2
Same: Technical principles
Machine-to-machine
Human-to-application
Digital transformation
Different: Organizational objectives
Focus: Problems we're trying to solve
Avoid: Getting mired in unproductive conversations