Google shares details on its BeyondCorp ‘zero trust’ security approach
Google LLC today published a lengthy blog post detailing how it implemented the BeyondCorp security approach within its organization, in order to control who accesses its systems and data.
BeyondCorp is a “zero trust” security framework that shifts access controls from the perimeter to individual devices and users, allowing employees to work securely from any location without the need for a traditional virtual private network.
Max Saltonstall, technical director of Google’s office of the chief technology officer, said Google was responding to requests from other organizations for advice on how to set up the security model for their own use. Those requests came after Google published several research papers describing the initiative.
“They’re looking for step-by-step help in applying these context-based access practices in their particular organizations, so we’ve created a series about some of our best practices at Google,” Saltonstall said of those requests.
Google created BeyondCorp back in 2010 after falling victim to Chinese hackers who gained access to its network and stole intellectual property, Saltonstall said. Those attacks prompted Google to move away from an access control approach that relied on older concepts such as virtual private networks.
With BeyondCorp, access control is no longer based on whether users are requesting that access from inside or outside of the corporate network. BeyondCorp assumes that users requesting access from inside the network are just as untrustworthy as those seeking remote access.
As a result, access requests are instead granted based on details about the particular user, their job and the security status of the device they’re using. This is the so-called zero trust model in a nutshell, and Google said it’s more effective because traditional network security controls could no longer be trusted following the 2010 hack on its systems.
“The first step to moving from a privileged corporate network (usually with a VPN at its core) to a zero-trust network is to know your people and know your devices,” Saltonstall said.
Google did this by restructuring its job role hierarchies to better understand the access levels that different workers require on a daily basis. The company also created a new master inventory of all of its workers’ devices. That involved building a new meta-inventory service that draws data from its asset management tools in order to establish a central and trustworthy record of all of its devices.
Lastly, Google said, organizations looking to deploy BeyondCorp need to understand the applications they use internally and what security policies govern access to them. This requires understanding job roles, who gets to access specific services, and the implementation of identity-aware security controls to prevent unauthorized access.
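As an added illustration of the decision logic described above (this is not Google’s code; the trust tiers, device attributes and application policies are assumptions), a minimal BeyondCorp-style access decision: the user’s role and the device’s inventory record drive the outcome, while the network the request arrives from is carried but never consulted.

```python
# Added example: context-based access decision in the BeyondCorp style (not Google's code; tiers and policies assumed).
from dataclasses import dataclass, field
from typing import Tuple

@dataclass
class Device:
    device_id: str
    managed: bool          # present in the central meta-inventory
    disk_encrypted: bool
    patch_age_days: int    # days since the last OS patch was applied

@dataclass
class User:
    username: str
    roles: set = field(default_factory=set)   # derived from the job role hierarchy

@dataclass
class Request:
    user: User
    device: Device
    app: str
    source_network: str    # "corp" or "internet"; deliberately ignored by decide()

# Each internal application declares the roles allowed and the device trust tier it needs.
APP_POLICY = {
    "wiki":        {"roles": {"engineer", "support"}, "min_tier": 1},
    "source-repo": {"roles": {"engineer"},            "min_tier": 2},
    "hr-records":  {"roles": {"hr"},                  "min_tier": 2},
}

def device_trust_tier(d: Device) -> int:
    """Derive a trust tier from inventory attributes: 0 unknown, 1 managed, 2 managed and healthy."""
    if not d.managed:
        return 0
    if d.disk_encrypted and d.patch_age_days <= 30:
        return 2
    return 1

def decide(req: Request) -> Tuple[bool, str]:
    """Allow only when the user's role and the device's trust tier satisfy the app policy."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return False, "unknown application"
    if not (req.user.roles & policy["roles"]):
        return False, f"role not permitted for {req.app}"
    tier = device_trust_tier(req.device)
    if tier < policy["min_tier"]:
        return False, f"device tier {tier} below required {policy['min_tier']}"
    return True, "allowed"
```

Note that an engineer on a managed but unpatched laptop keeps access to the wiki yet loses access to source control, and that the same request is evaluated identically whether it originates on the corporate network or the internet.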
Google isn’t the only company promoting the BeyondCorp model. Last March, startup Luminate Security emerged from stealth with $14 million in a combined seed and Series A round of funding and its own take on BeyondCorp. Luminate provides BeyondCorp “as a service,” a security governance framework that shores up corporate networks while allowing employees to safely access the resources they need from any device. Luminate also borrows concepts from the “software-defined perimeter framework.” These frameworks are based on the Department of Defense’s “need-to-know” model, which specifies that all endpoints attempting to access a given infrastructure must be authenticated and authorized prior to entrance.
A second company looking to capitalize on the zero-trust approach is Centrify Corp., whose Chief Product Officer Bill Mann appeared late last year on theCUBE, SiliconANGLE’s mobile event streaming studio. He spoke about how trusted identity management solutions are becoming a competitive differentiator for organizations that implement them.