{"id":8619,"date":"2020-07-23T13:32:32","date_gmt":"2020-07-23T10:32:32","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=8619"},"modified":"2020-07-23T13:32:32","modified_gmt":"2020-07-23T10:32:32","slug":"zero-trust-security","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/zero-trust-security\/8619\/","title":{"rendered":"Never trust, always verify: The Zero Trust security model"},"content":{"rendered":"<p>The Zero Trust model has been gaining popularity among businesses in recent years. According to 2019 data, 78% of information security teams <a href=\"https:\/\/www.cybersecurity-insiders.com\/portfolio\/2019-zero-trust-adoption-report\/\" target=\"_blank\" rel=\"noopener nofollow\">have implemented this model or are at least planning to implement it<\/a>. In this post, we look at what makes the Zero Trust model attractive to businesses.<\/p>\n<h2>The perimeter is gone<\/h2>\n<p>Perimeter security, a common term in corporate infrastructure protection, involves thorough checks on attempts to connect to corporate resources from outside the infrastructure. In essence, perimeter security establishes a border between the corporate network and the rest of the world. However, it turns the inside of the perimeter (the inside of the company network) into a trusted zone in which users, devices and applications enjoy a certain freedom.<\/p>\n<p>Perimeter security works as long as the trusted zone is limited to the local access network and the stationary devices connected to it. 
But as the number of mobile devices and cloud services used by employees grew, the concept of a \u201cperimeter\u201d became blurred. Today, at least some corporate resources are located outside the office, or even abroad. Trying to hide them behind high walls is impractical at best. It is now much easier to penetrate the trusted zone and move around in it without meeting any obstacles.<\/p>\n<p>In 2010, Forrester Research principal analyst John Kindervag put forward the concept of Zero Trust as an alternative to perimeter security. He proposed abandoning the distinction between external and internal and focusing on resources instead. Zero Trust is, in essence, the absence of any kind of trusted zone. In this model, users, devices and applications are subject to checks every time they request access to a corporate resource.<\/p>\n<h2>Zero Trust in practice<\/h2>\n<p>There is more than one way to build a security system based on Zero Trust. Even so, a few core principles can be identified that help in building such a system.<\/p>\n<h3>Protect surface instead of attack surface<\/h3>\n<p>The Zero Trust concept characteristically involves a protect surface, which holds everything the organization must protect against unauthorized access (confidential data, infrastructure components, and so on). 
The protect surface is significantly smaller than the attack surface, which includes all potentially vulnerable infrastructure assets, processes and actors. It is therefore easier to ensure that the protect surface is secure than to reduce the attack surface to zero.<\/p>\n<h3>Microsegmentation<\/h3>\n<p>Unlike the classic approach, which provides protection at the external perimeter, the Zero Trust model breaks corporate infrastructure and other resources down into small nodes, each consisting of at least one device or application. The result is a large number of microscopic perimeters, each with its own security policies and access permissions, which allows flexibility in managing access and lets companies block the uncontrolled spread of a threat inside the network.<\/p>\n<h3>Principle of least privilege<\/h3>\n<p>Each user is granted only the privileges needed to perform their own tasks. That way, an individual user account that is compromised puts only part of the infrastructure at risk.<\/p>\n<h3>Authentication<\/h3>\n<p>The Zero Trust doctrine says that attempts to gain access to corporate information must be treated as a potential threat until proven otherwise. 
For that reason, every user, device and application must pass the authentication procedure for each session and prove that it has the right to access the data at hand.<\/p>\n<h3>Total control<\/h3>\n<p>For the Zero Trust model to be effective, the IT team must be able to control every work device and application. It is also essential to record and analyze information about every event on endpoints and other infrastructure components.<\/p>\n<h2>Benefits of Zero Trust<\/h2>\n<p>In addition to eliminating the need to protect the perimeter, which becomes increasingly blurred as the business becomes more mobile, Zero Trust solves some other problems as well. In particular, when every process actor is checked continuously and repeatedly, companies can adapt to change more easily, for example by revoking the access privileges of employees who leave or adjusting the privileges of those whose responsibilities have changed.<\/p>\n<h2>Challenges in implementing Zero Trust<\/h2>\n<p>The transition to Zero Trust can be a difficult and lengthy process for some businesses. If your employees use both office equipment and personal devices for work, all equipment must be inventoried; corporate policies must be set up on the devices needed for work, and other devices must be blocked from accessing company resources. 
For large companies with branches in multiple cities and countries, this process will take some time.<\/p>\n<p>Not all systems are equally suited to a transition to Zero Trust. For example, if your company has a complex infrastructure, it may include legacy devices or software that cannot support current security standards. Replacing these systems takes time and money.<\/p>\n<p>Your employees, including members of your IT and information security teams, may not be ready for the whole framework to change. After all, they are the ones responsible for access control and management of your infrastructure.<\/p>\n<p>This means that in many cases companies may need a gradual Zero Trust transition plan. Google, for example, spent seven years building its BeyondCorp framework, which is based on Zero Trust. Although the implementation time may be significantly shorter for corporate businesses with fewer branches, you should not expect to squeeze the process into a few weeks, or even a few months.<\/p>\n<h2>Zero Trust, the security of the future<\/h2>\n<p>Therefore, even with the latest technologies in use, the transition from traditional perimeter security to securing a protect surface under a Zero Trust framework may still not be a simple or quick project, both in terms of engineering and in terms of changing employee mindsets. 
Nevertheless, it will ensure that the company spends less on information security, faces fewer incidents and minimizes the damage they cause.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-b2b\">\n","protected":false},"excerpt":{"rendered":"<p>What is Zero Trust, and why is it attractive to modern businesses?<\/p>\n","protected":false},"author":2509,"featured_media":8620,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[2242,2241],"class_list":{"0":"post-8619","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-kurumsal-guvenlik","10":"tag-sifir-guven"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/zero-trust-security\/8619\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/zero-trust-security\/21613\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/zero-trust-security\/17077\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/zero-trust-security\/8442\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/zero-trust-security\/22885\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/zero-trust-security\/21072\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/zero-trust-security\/19747\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/zero-trust-security\/23550\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/zero-trust-security\/22371\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/zero-trust-security\/28780\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/zero-trust-security\/36423\/"},{"hreflang":"fr","url":"https
:\/\/www.kaspersky.fr\/blog\/zero-trust-security\/15339\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/zero-trust-security\/15805\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/zero-trust-security\/13715\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/zero-trust-security\/24785\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/zero-trust-security\/25716\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/zero-trust-security\/22636\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/zero-trust-security\/27898\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/zero-trust-security\/27734\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/kurumsal-guvenlik\/","name":"kurumsal g\u00fcvenlik"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8619","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2509"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=8619"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8619\/revisions"}],"predecessor-version":[{"id":8622,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8619\/revisions\/8622"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/8620"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=8619"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=8619"},{"taxonomy":"post_tag","embeddab
le":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=8619"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}