Overview of JD.com's Five‑Element Zero Trust Security Framework

This whitepaper presents JD.com's practical experience with zero‑trust security, aiming to provide digital enterprises with reference material for building security capabilities, lowering deployment costs, enhancing data governance, and complying with national security laws and regulations.

Amid rapid information technology and digital transformation, data has become a critical production factor, prompting strong policy focus such as the Data Security Law, Cybersecurity Law, and Personal Information Protection Law. JD leverages its supply‑chain‑based digital business to improve security and support high‑quality economic development.

Traditional perimeter‑based security can no longer address rising supply‑chain risks and sophisticated attack‑defense dynamics, making zero‑trust strategies a more effective choice for modern enterprises.

JD's zero‑trust system expands the classic three elements—identity, security checkpoints, and continuous access control—by adding two new dimensions: asset digitization and a zero‑trust cockpit, forming a five‑element framework.

The five core components are: 1. Asset Digitization: JD builds an advanced unknown‑asset detection system to discover and eliminate blind spots beyond traditional asset inventories. 2. Asset Identity: Extends identity to data and all assets, assigning unique identifiers and enabling fine‑grained permission control. 3. Diversified Security Checkpoints: Deploys checkpoints throughout the request chain, reducing attack surface and providing precise defense. 4. Strategy Center: Supports multiple access‑control models (ABAC, RBAC, PBAC, OBAC, TBAC) for dynamic, continuous authentication. 5. Zero‑Trust Cockpit: Offers asset risk quantification and security‑investment ROI models to help enterprises assess and plan security initiatives.

The whitepaper serves as a practical guide for the industry, showcasing how JD's zero‑trust implementation can aid enterprises in measuring security posture, closing gaps, and safeguarding data and systems.

Original whitepaper link: JD Zero Trust Security Construction Practice Whitepaper