By Zach DeMeyer Posted March 1, 2019
Many IT organizations are looking for an overview of BeyondCorp™, Google®’s framework for Zero Trust Security. The model is gaining popularity, which makes sense given the meteoric rise of security breaches in the news. This article covers BeyondCorp, Zero Trust Security, and identity security as a whole.
What is BeyondCorp?
With the changing IT landscape and more cybersecurity attacks than ever, IT organizations are looking for new approaches to protect their digital assets. Traditional networks have always been protected by a perimeter of firewalls and other network security tools, where users inside the perimeter were trusted. Google, however, as a purveyor of cloud-based products, knew that users and resources located outside of the on-prem network couldn’t be protected by such a perimeter. Since modern IT organizations are leaning into the cloud more and more, the traditional perimeter model of security wasn’t enough, so Google created BeyondCorp.
The concept behind BeyondCorp is to effectively eliminate the idea of protection via a network perimeter, doing away with a domain in which the network inside is trusted and everything outside is untrusted. By assuming that everything is untrusted and that trust has to be established at each interaction, the belief is that there will be less risk for organizations. This is the fundamental idea behind the Zero Trust Security model.
The Core of BeyondCorp
Under Google’s BeyondCorp model, all users, systems, IT resources, and networks are untrusted. These resources don’t need to be in any specific location or leverage a specific network or type of system. Each layer of the BeyondCorp model has been built to create increased security while understanding that users and IT resources are global in nature.
The core of the Zero Trust Security model, and, by extension, BeyondCorp, is identity and access management (IAM). In essence, only the right people access the appropriate resources, and only once they have been validated, their systems have been secured, and the networks they are connecting from have also been made secure. Traditionally, the concept of identity management has been led by Microsoft® Active Directory®, which is still widely used today. But, under the Zero Trust Security model, the concept of the domain isn’t central, and may even be at odds with a perimeter-less network.
Modernized Identity Security
Instead, a new generation of cloud identity management is building on the Zero Trust Security model to securely connect users to their IT resources. This approach leverages identity authentication services such as certificates, SSH keys, and MFA, in addition to a user’s (hopefully long and strong) password. Alongside the model is the ability to leverage True Single Sign-On™ capabilities via LDAP and SAML. Further, network authentication can be done uniquely through RADIUS, and VLAN steering can place users in the proper VLANs so that a breach affects only a segment rather than the entire network.
While not every organization can devote the resources that Google has to its implementation of BeyondCorp, a strong cloud identity provider, JumpCloud® Directory-as-a-Service®, can set organizations up to leverage a Zero Trust Security model with little trouble.
You can dive deeper than this overview of BeyondCorp by checking out our blog and YouTube channel. If you would like to implement modern identity management for Zero Trust Security, try JumpCloud today, absolutely free. With ten users included for free forever, you can explore the capabilities of Directory-as-a-Service before you buy. Contact us to learn more.