As the IT landscape has changed, many IT organizations are looking at the Zero Trust Security model as a potential way to reduce the risk of a security breach. With web application and cloud infrastructure usage on the rise in the majority of organizations, the perimeter for most IT organizations has effectively evaporated. With no perimeter left to secure, Google has created a model for Zero Trust Security called BeyondCorp™. In this article, we will answer the question, “What is BeyondCorp?” and discuss why this Zero Trust Security implementation could be instructive.
What is Zero Trust Security?
The concept of Zero Trust Security started a few years ago and has only been gaining ground since. The reasoning behind it is quite simple: with web and cloud infrastructure and a more mobile workforce, the network perimeter was vanishing. No longer were all the resources a user required locked away behind firewalls and VPNs; they were on the web itself. Because of this shift, Zero Trust Security’s fundamental tenet is that everything should be untrusted, including users, systems, IT resources, and networks, and that trust should be generated through a variety of challenges and data points.
Google’s Take with BeyondCorp
Google understood this better than anyone because of their focus on shifting IT resources to the cloud as well as their globally dispersed workforce. In order to improve the security and productivity of their employees, Google created the BeyondCorp (Beyond the Corporate network) model, which was loosely based on the concepts from Zero Trust Security. Google’s interpretation created a model to verify identities, validate the health of systems, and ensure secure connections for their employees when they were working online. This meant that Google did not have the concept of a perimeter or domain for their employees; instead, Google required that trust be generated each step of the way. A lot of these processes would happen behind the scenes, invisible to the end user, while still ensuring that the person is who they say they are. This represents a foundational aspect of their system.