Security Bloggers Network 

How Does BeyondCorp Affect Small to Medium Businesses (SMBs)?

by Zach DeMeyer on December 1, 2020

Results from the Verizon Data Breach Investigation Report (DBIR) show that no one is safe from a data breach — particularly small to medium-sized businesses (SMBs). Due to a rise in attacks as a result of a shift to remote work, many SMBs are reconsidering their security practices. One approach they consider is BeyondCorp, or more generally, a Zero Trust security model. Let’s explore how BeyondCorp affects SMBs and how they can best implement Zero Trust in their organizations.

What is BeyondCorp?

BeyondCorp is Google®‘s implementation of a Zero Trust security model. This networking model was built after many years of design, research, and feedback. In Google’s implementation, they shifted all of the network’s access controls to the individual users, devices, and access gateways so employees, contractors, and others can work from any location without using a VPN connection. BeyondCorp provides user- and device-based authentication and authorization for Google’s core infrastructure and local applications as well as a number of other “factors” to help ensure that users are really who they say they are, devices are safe and secure, and the network path is appropriate and clear.

What is Zero Trust Security?

The Zero Trust security model that BeyondCorp is built on assumes that no connection is inherently safe. In most traditional enterprise networks, firewalls are used to enforce security at the edge of the network — known as perimeter security. This security model has evident flaws in modern times because, if the firewall is breached, an attacker has relatively easy access to a company’s internal tools. It also assumes that everyone is working inside the building on a corporate connection. In a Zero Trust model, users, devices, networks, and even IT resources are all untrusted by default. 

Securing Remote Workers

With the rapid shift to remote work that 2020 thrust upon the world, a traditional perimeter security model increasingly showed its scaling problems. The perimeter-based system wasn’t built to account for the security needs of every single employee’s house or remote working space. Traditional models were built on the idea that everyone would be connecting on-premises. (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/beyondcorp-smbs

Zach DeMeyer 0 Comments

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

zach-demeyer has 483 posts and counting.See all posts by zach-demeyer