A zero trust network is one in which no person, device, or network enjoys inherent trust. All trust, which allows access to information, must be earned, and the first step of that is demonstrating valid identity. A system needs to know who you are, confidently, before it can determine what you should have access to. Add to that the understanding of what you can access–authorization–and you’ve got the core foundation of zero trust security.At Google we rely on a zero trust system known as BeyondCorp, to move beyond the idea of a privileged corporate network.In this issue of GCP Comics we discuss ways of acquiring trust, as our friend attempts to visit some distant relatives.Why set up a zero trust model?Here are a few compelling reasons for setting up a zero trust system:Preserve the productivity of your employees working from home, from the office, from a coffee shop, or from anywhere elseDeploy quickly, faster than a traditional VPN system, for rapid onboardingSpin up new device access quickly in case of unexpected latté-applied-to-laptop and similar incidentsGive each web application its own access control, for precise security and lower riskDecide access based on identity, device health, location, time of day, or other factorsGoogle zero trust tools can protect your workloads on any public cloud, or on-premises, so you don’t need to move your applications to improve their securityBenefits of zero trustLower friction Zero trust systems can be invisible to the employees at your company. They sign in, they use a strong second factor, and they are ready to go. PortabilityThe authentication and authorization aren’t tied to your location. Previous methods of access control relied on trusted networks, giving privileged access to anyone inside the established corporate network. With a zero trust model it’s easy to work from home and access all the same systems and tools.SafetySwitching to a zero trust system has helped Google, and many other enterprises, reduce their exposure and minimize security incidents, proactively stopping phishing-based attacks and lateral movement after a compromise.ResourcesBeyondCorp Remote Access, our enterprise grade security offering for protecting workloads on Google Cloud, other clouds, or on-premisesBeyondCorp at Google, our own zero trust implementationPublished research papers on how Google created, deployed, and evolved the BeyondCorp model.Identity-Aware Proxy, The Google Cloud protective layer used to create context-based access to apps, VMs, and services.Want more GCP Comics? Visit gcpcomics.com & follow us on Twitter at @pvergadia and @maxsaltonstall for updates on the next issue!Related ArticleKeep your teams working safely with BeyondCorp Remote AccessEnabling remote access to internal apps with a simpler and more secure approach without a remote-access VPNRead Article
Quelle: Google Cloud Platform
Published by