CYBERSEC 2021 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree

May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Cyber Insight

The Identity of Zero Trust

Fiona Cheng/Research & Development Manager, WebComm Technology

In 2020, all trends have undergone different changes due to the COVID-19, the digital transformation is which has changed people's lifestyle and work mode, and the focus is information security, gradually The development of information security development is directly transferred from trust to zero trust, and the highest principle of zero trust-"no trust, only authentication." Every access request must be fully verified, and only after authorization and encryption can access rights be granted. Only in this way can we more effectively adapt to the complexity of the modern environment, and protect people, devices, applications, and data at any time and place through mobility and digitization.

The goal of Zero Trust is to strengthen and ensure data security within the organization through various control methods by restricting users' rights and access risks. Therefore, the development of digital identity security in response to digitization follows. Including identity verification and identity management, data sensitivity, application, and device status access policies have become important factors for digital identity security and the key foundation for zero trusts.

In particular, one of the policies issued by the Financial Services Regulatory Commission in 2020: from 2021, bankers need to replace OTP with FIDO as the beginning of zero trusts; and FIDO is a part of digital identity verification. In identity verification, FIDO and SSO must be fully integrated, and privilege management must be added in order to effectively achieve information security control, which is also the key basis for zero trusts.