The foundation of QAX Zero Trust is to provide identity-based adaptive access control. Digital identity is the cornerstone of our Zero Trust Architecture, and it needs to realize comprehensive identity management. The solution establishes a unified digital identity tag and governance process for physical entities such as users, devices, applications, and business systems.
With QAX Zero Trust, all access requests including user accessing to business application, application APIs calling, etc. should be authenticated, licensed, and have considerable trust level.
With QAX Zero Trust, one-time authentication cannot ensure the continuous legitimacy of identity. Continuous trust evaluation is a key method to build trust from scratch in Zero Trust Architecture. Even if a strong multi-factor authentication is used, it is still necessary to continuously conduct trust evaluation by measuring the risk of access subject.
The trust evaluation of the subject is based on several factors, such as the authentication methods used, the health of the device, whether the application is distributed by the enterprise, and the access behavior, etc.; the trust evaluation of the environment might include access time, source IP address, source geographic location, access frequency, device similarity, etc.
With QAX Zero Trust, the access rights of the subject are not static, but dynamically calculated and measured according to subject attributes, object attributes environment and continuous trust evaluation results. The traditional access control mechanism is a macro binary logic, mostly based on static authorization rules, blacklisting and whitelisting and other technical means for one-time evaluation. The access control in Zero Trust Architecture is based on the idea of continuous measurement and automatic adaptation, which is a dynamic micro decision logic.
Establishing industry benchmark by adopting Zero Trust Architecture to solve data access problems of enterprise customers.
The solution has been standardized, and been practiced in real enterprise projects, rapid upgrade and deployment can be realized.
Reconstructing enterprise information security boundary, solving the data access security problems.
Adopting the unified digital identity information realize the comprehensive authentication of the access user identity.
Meet real-time security requirements through fine-grained and dynamic authorization methods.
Centralized business agent provides channel encryption and attack protection functions to effectively protect the transmitted data.
Obtain real-time environment security status, access behavior data, intelligently analyze risks and adjust access control policies.
Through automatic identity management, authentication, and authorization capabilities, it effectively reduces the workload and human error of enterprise IT personnel.
Solve security problems from architecture level in low investment, high reliability and avoiding redundant construction.
Eliminate physical logical boundaries and provide access to enterprise data in anytime, anywhere.
Automatically obtain user identity security status for access authorization, and secure user access without sense.