Move to Main Content

ESG Sustainability-B ESG Sustainability-W

:::
Search
Taiwan International Ports Corporation
中文
::: MenuButtonText
:::
To skip this submenu, press [Enter], to continue, press [Tab]

Never Trust, Always Verify: TIPC's Journey to Zero Trust Cybersecurity

:::

Traditional cybersecurity defense has focused on preventing external threats, with control boundaries defined by internal and external users as well as network firewalls. However, with the rise of cloud services, the prevalence of remote work, and the evolution of hacking techniques, these boundaries have become increasingly blurred. At the same time, the level of trust in users and devices has declined, giving rise to the concept of Zero Trust.

To enhance the trustworthiness of users and devices, the U.S. National Institute of Standards and Technology (NIST) published SP 800-207: Zero Trust Architecture, which emphasizes the principle of “never trust, always verify” for any data access. This ensures consistent security regardless of when or where data is accessed.

In 2023, TIPC introduced two-factor authentication (2FA) for all externally accessible services used by internal employees (such as email and private cloud storage). Features including mobile authentication, connection source logging, and automatic blocking of abnormal logins have strengthened identity verification mechanisms for internal users. Moreover, 2FA enables employees to instantly confirm whether an operation was performed by themselves. Following implementation, the IT department also received proactive abnormal login reports from employees, effectively shortening incident response times.

To further strengthen privileged account management, in 2024 TIPC first implemented a Privileged Account Management System at its headquarters. Before initiating remote access, vendors are required to submit requests to TIPC administrators and may only log in to servers via the system combined with 2FA after approval. The Privileged Account Management System provides session time control, real-time monitoring, statistical analysis, activity recording, and playback.

In alignment with the National Information Security Development Program (2021–2024) promoted by the Administration for Cyber Security, Ministry of Digital Affairs, which prioritizes the adoption of Zero Trust Architecture in tier-A government agencies, TIPC has proactively advanced its cybersecurity mechanisms. By progressively implementing Taiwan’s Zero Trust framework, the company continues to strengthen its cyber defense capabilities and provide high-quality information services within a secure digital environment.

Album
  • Left: Last photo
  • Right: Next photo
  • ESC: Leave album
TIPC Zero Trust Cybersecurity Architecture
Last Updated:2025-09-04
Return to list
Top