It is apparent that traditional models of security have failed modern IT organizations. With breaches a frequent feature of the newscycle, locking down the network is critical. Many IT admins are starting to hear about the Zero Trust Security model and, with it, they are looking for an introduction to BeyondCorp™.
What is BeyondCorp?
BeyondCorp is an implementation model for Zero Trust Security created by Google. With Google’s intense focus on security, their globally distributed workforce and infrastructure, and cloud-forward nature, they were looking for a new security model. Whether they came up with their version of Zero Trust Security independently or not, Google’s BeyondCorp implementation is an approach worth studying.
What is Zero Trust Security?
But, before diving into the actual specifics of a BeyondCorp implementation, we should step back and understand why Zero Trust Security is important. The traditional approach to security was based on the concept of the perimeter, a collection of various layers of protection. When you were inside the perimeter, you were “safe” and everything outside the perimeter was unsafe. In order to access the safe network interior you either needed to be inside—on the domain—or you needed to VPN in to gain access.
Google realized long ago that this model was antiquated. Their business revolved around driving infrastructure to the cloud, and their globally dispersed workforce meant that it was difficult to have a centralized interior domain. So, they scrapped the whole approach and decided to start with the assumption that everything including people, systems, IT resources, networks, and more were all untrusted by default.
With everything untrusted, the BeyondCorp model then works to create trust through verifying identities, checking system configurations and settings, controlling access, and securing network connections. These approaches and more ensure that users can seamlessly and safely do work from anywhere in the world with any type of resources, regardless of its location and without VPNs. This was a breakthrough approach and really eliminated the concept of the network perimeter and, by consequence, the concept of the domain.
Dealing with Change
For most organizations, this approach is quite new (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/introduction-to-beyondcorp/