Abstract: Zero trust has become the next generation security trend. Based on zero trust security idea and software defined perimeter security architecture, Enlink zero trust solution provides an endtoend security protection for the whole life cycle of organizational application access. The solution includes six modules: Identity and access management supports multi factor authentication to ensure user credibility; Terminal environment perception provides multidimensional terminal environment inspection to ensure terminal compliance; Enlink software defined perimeter uses attribute based access control to realize finegrained dynamic permission controllability; Multi domain segmentation of security workspace make sure that your business data will not leaked out; Application programming interface gateway enables decoupling of business system to ensure application credibility; User behavior analysis continuously monitors the legally users to ensure their behavior compliance. Based on above, Enlink zero trust solution provides application access security protection for enterprises and institutions with trusted access, secure transmission, reliable isolation and continuous monitoring, comprehensively ensures the organization’s network security and data security.

Key words: zero trust, multi factor authentication, micro segmentation, software defined perimeter, telecommuting, data leakage prevention

摘要： 零信任已经成为下一代安全趋势，易安联零信任解决方案基于零信任安全思想，遵循软件定义边界安全架构，构建了端到端的组织应用访问全生命周期安全防护.方案包含6大功能模块：统一身份管理通过多因素认证确保用户可信；终端环境感知支持多维度终端环境检查确保终端合规；安界防护平台基于属性的细粒度动态权限策略实现权限可控；安全工作空间多域隔离机制保障业务数据不泄露；数据交换网关使业务系统的接口解耦，保障应用可信；用户行为分析对合法登入的用户持续监控保障行为合规.基于此，易安联零信任解决方案实现了应用访问的可信接入、安全传输、可靠隔离和持续监控，为企事业组织提供“云管端”一体化应用访问安全保护，全方位保障组织的网络安全和数据安全.

关键词: 零信任, 多因素认证, 微隔离, 软件定义边界, 远程办公, 数据防泄露