Gao, YuanLou, XinxinReussner, Ralf H.Koziolek, AnneHeinrich, Robert2021-01-272021-01-272021978-3-88579-701-2https://dl.gi.de/handle/20.500.12116/34738The marketing engagement of Internet of Things (IoT) shows a wide vista together with Industry 4.0 regarding modern manufacturing and services. However, the evolution of technologies and rising regulation concerns regarding security and privacy are bring challenges to IoT solutions. On one side, the security analysis of IoT solutions has to consider the security posture in a much wider scope including both edge and cloud sides even across global geo-locations. On the other side, new regulation requirements demand a full tracking of data access. In addition, authorizations should be evaluated explicitly and can be revoked any time for maximizing data protection. Both challenges can be solved by implementing a novel security model targeting those requirements while zero trust model is a good candidate. Thus in this paper, we compared the most commonly used perimeter security model and the zero trust model under the circumstance for modern IoT solutions. Furthermore, from the regulation perspective, the concepts of zero trust model are analyzed to show its compliance with regulation requirements. For easing the discussion of IoT solutions, a general IoT architecture is proposed and relevant zero trust model implementations are described. Especially, the zero trust model relevant security controls are highlighted as a guidance for the design of IoT solutions. As the conclusion, we propose a general implementation of zero trust model within the context of IoT solution to solve the challenges facing by the industry.enOperational Security ModelZero Trust ModelCloud SecurityEdge ComputingIEC 62443Industry 4.0GDPRIoTIIoT10.18420/inf2020_301617-5468