Zero Trust: Network Security on a Micro-Scale with Google BeyondCorp

The remote-working culture is here to stay, and tech companies everywhere are getting in on it. Google’s new BeyondCorp uses the zero-trust security model to take the pressure off corporate VPNs in the management of remote worker access to internal networks and applications. We take a look at BeyondCorp and go over the concept of zero-trust network architecture this week so that you can Live Easy, with confidence.

Google BeyondCorp Remote Access

Google is sharing a little something from the inside with BeyondCorp Remote Access, an internally-adapted technology turned subscription-based service. BeyondCorp provides an easy way for SMEs to set selective and specific access requirements for employees using internal applications. This offers some relief in times of a remote-working culture, when VPN deployment potentially soars beyond what many corporate networks are fit to handle.

By essentially micro-restricting corporate network and application access, SMEs using BeyondCorp authenticate a user’s device identity to authorize entry, regardless of user location (no network perimeter). Security certificates are installed on authorized devices to maintain a database of authorized devices, and human resources databases are integrated to manage username and membership data. Users simply connect through a single sign-on system that authenticates them across internal databases.

Called a zero trust security model, this type of security-via-selectivity is getting popular with corporate tech trends in cloud services and virtualization increasing demand for network perimeter micro-management.

The Zero Trust Security Model

A zero trust network security architecture verifies anything and everything seeking to connect to internal systems before granting access. In other words, virtually all internal access is denied until authentication is complete. As the name suggests, nothing and no one is trusted.

This “question everything” approach comes in contrast to the previous castle-and-moat structure, where the perimeters of a network are secured, while everyone and everything already inside is assumed safe and granted access across internal databases. This lack of internal verification has allowed hackers to easily navigate internal applications once across a corporate firewall, feeding their malicious intents.

With SMEs going hybrid more than ever, these old ways aren’t enough anymore. Corporate internal applications are kept both on-premises and on the cloud, while employees work remotely, accessing the corporate network from various devices in multiple locations. The castle isn’t isolated anymore, and single perimeters don’t seem to apply.

Micro-segmentation

What does it take to successfully implement a zero-trust security model? Well, to achieve that level of control and selectivity over letting users in takes micro-segmentation for granular perimeter enforcement. That’s to say, perimeters aren’t disappearing, they’re getting smaller.

Micro-segmentation is the isolation of workloads to secure them individually with secure zones set up in data centers and cloud platforms. It allows for a finer grain monitoring of traffic than a traditionally more coarse segmentation of workloads, by requiring authentication at every move. Granting network access is then based on factors such as identifying and authorizing the user device requesting access (as with BeyondCorp). This, in turn, leads to the development of multifactor authentication protocols, identity access management (IAM), and permissions/governance policies that come together to weave a detailed internal security web.

As Forrester Principal Analyst Chase Cunningham describes, designing a zero-trust architecture starts “from inside the network out vs. outside in.” It’s about the concept of denying all access until trust has been established, and like any security protocol, it’s an ongoing effort.

At LeCiiR, we stay current to provide our clients with quality, innovative security solutions. That’s why we offer custom zero trust security model implementation services for your SME. The work-from-home culture is here to stay, and being prepared is about being proactive – with security at the forefront. For questions on this topic or any others, don’t hesitate to contact us and leave your comments.