Zero Trust: Network Security on a Micro-Scale with Google BeyondCorp
The remote-working culture is here to stay, and tech companies everywhere are getting in on it. Google’s new BeyondCorp uses the zero-trust security model to take the pressure off corporate VPNs in the management of remote worker access to internal networks and applications.
Google BeyondCorp remote access
Google is sharing a little something from the inside with BeyondCorp Remote Access, an internally-adapted technology turned subscription-based service. BeyondCorp provides an easy way for SMEs to set selective and specific access requirements for employees using internal applications. This offers some relief in times of a remote-working culture, when VPN deployment soars beyond what many corporate networks are fit to handle.
By essentially micro-restricting corporate network and application access, SMEs using BeyondCorp authenticate a user’s device identity to authorize entry, regardless of user location (no network perimeter). Authorized devices have security certificates installed and are recorded in a database of authorized devices, and human resources databases are integrated to manage username and membership data. Users simply connect through a single sign-on system that authenticates them across internal databases.
This type of security-via-selectivity is called a zero trust security model. It is gaining popularity as corporate trends in cloud services and virtualization increase the demand for micro-management of the network perimeter.
The zero trust security model
A zero trust network security architecture verifies anything and everything seeking to connect to internal systems before granting access. In other words, virtually all internal access is denied until authentication is complete. As the name suggests, nothing and no one is trusted.
This “question everything” approach stands in contrast to the previous castle-and-moat structure, where the perimeters of a network are secured while everyone and everything already inside is assumed safe and granted access across internal databases. This lack of internal verification has allowed hackers to navigate internal applications easily once they are past a corporate firewall.
With SMEs going hybrid more than ever, these old ways aren’t enough anymore. Corporate internal applications are kept both on-premises and on the cloud, while employees work remotely, accessing the corporate network from various devices in multiple locations. The castle isn’t isolated anymore, and single perimeters don’t apply.
What does it take to successfully implement a zero-trust security model? Achieving that level of control and selectivity over who is let in takes micro-segmentation for granular perimeter enforcement. That’s to say, perimeters aren’t disappearing, they’re getting smaller.
Micro-segmentation is the isolation of workloads so that each can be secured individually, with secure zones set up in data centers and cloud platforms. By requiring authentication at every move, it allows finer-grained monitoring of traffic than the traditionally coarser segmentation of workloads. Granting network access is then based on factors such as identifying and authorizing the user device requesting access (as with BeyondCorp). This, in turn, leads to the development of multifactor authentication protocols, identity access management (IAM), and permissions/governance policies that come together to weave a detailed internal security web.
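The access decision described above (device identity, HR membership data, a small perimeter per application, deny until verified) can be sketched as follows. This is an added example, not Google's or 7Clouds' code; every name and record in it is hypothetical, and the device-to-owner binding and the patch-level requirement are assumptions added for illustration.

```python
from dataclasses import dataclass

# Constructed sample data; every name and value below is hypothetical.
DEVICE_INVENTORY = {            # certificate fingerprint -> device record
    "fp:aa11": {"owner": "alice", "managed": True, "patched": True},
    "fp:bb22": {"owner": "bob", "managed": True, "patched": False},
}
HR_DIRECTORY = {                # username -> employment status and groups
    "alice": {"active": True, "groups": {"finance"}},
    "bob": {"active": True, "groups": {"engineering"}},
    "carol": {"active": False, "groups": {"finance"}},
}
APP_POLICY = {                  # one small perimeter per application
    "payroll": {"groups": {"finance"}, "require_patched": True},
    "wiki": {"groups": {"finance", "engineering"}, "require_patched": False},
}

@dataclass(frozen=True)
class Request:
    user: str
    device_fp: str
    app: str
    source_ip: str  # kept for logging only; never used in the decision

def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly allowed is denied."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return False, "no policy for application"
    device = DEVICE_INVENTORY.get(req.device_fp)
    if device is None or not device["managed"]:
        return False, "device not in inventory"
    person = HR_DIRECTORY.get(req.user)
    if person is None or not person["active"]:
        return False, "user not active in HR directory"
    if device["owner"] != req.user:      # assumption: devices are bound to one user
        return False, "device not assigned to user"
    if not (person["groups"] & policy["groups"]):
        return False, "user not in a group allowed for this application"
    if policy["require_patched"] and not device["patched"]:  # assumed posture rule
        return False, "device does not meet application posture"
    return True, "allowed"

if __name__ == "__main__":
    for r in [Request("alice", "fp:aa11", "payroll", "203.0.113.7"),
              Request("bob", "fp:bb22", "payroll", "10.0.0.6"),
              Request("carol", "fp:aa11", "payroll", "10.0.0.7")]:
        print(r.user, r.app, r.source_ip, decide(r))
```

The source address is carried in the request but never consulted, so the same user and device get the same answer from an office network or a home connection.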
As Forrester Principal Analyst Chase Cunningham describes, designing a zero-trust architecture starts “from inside the network out vs. outside in.” It’s about the concept of denying all access until trust has been established, and like any security protocol, it’s an ongoing effort.
Ann Bednarz, What is microsegmentation? How getting granular improves network security. January 2018.
Chris O’Brien, Google rolls out BeyondCorp for secure remote network access without a VPN. April 2020.
Lucian Constantin, Google enters zero-trust market with BeyondCorp Remote Access offering. April 2020.
Mary K Pratt, What is Zero Trust? A Model for more effective security. January 2018.