By Zach DeMeyer Posted March 24, 2019
Studying what trends are on the rise in identity management, one may see an increase in chatter about BeyondCorp™. The security framework from Google® is sparking many organizations to reconsider their networks, and how they can implement BeyondCorp. Why is implementing BeyondCorp an important hurdle to an IT organization? Well, let’s first start with what BeyondCorp is and then we can drop into why using the model is critical for IT security.
What is BeyondCorp?
Zero Trust Security
BeyondCorp is, essentially, an implementation model of Zero Trust Security, delivered by Google. Zero Trust Security turns the traditional network security model, often called the perimeter security model, on its head. Perimeter security consists of creating layers of security features around the network, creating a domain based on trust that, in theory, sheltered authorized users and sensitive data inside the perimeter and kept bad actors out. Zero trust, on the other hand, is aptly named; no user or resource should be trusted until they’ve built trust in the network. ®
By assuming everything is untrusted to start, each interaction requires the generation of trust. That starts with understanding that the user is the right person to access their Windows®, Mac®, or Linux® laptop or desktop. From there, accessing IT resources needs to generate trust through identity, system configuration, and the network connection. These data points help to ensure that the right person can work securely on their materials.
Google’s Version of Zero Trust
Obviously, with Google’s globally dispersed workforce, the concept of a traditional physical, or even virtual, domain doesn’t make a lot of sense. And, neither does the concept of setting VPNs everywhere and the additional end user hassle and friction from them. So, the idea behind BeyondCorp is to enable people to do their work securely, regardless of where they are and what network they are on.
Challenges with Implementing BeyondCorp
The challenge is that most organizations don’t have the resources, nor the expertise, of Google to build and implement their own Zero Trust Security security model like BeyondCorp. Switching the security stance of an entire organization can be daunting. The good news is that there are foundational steps that organizations can take towards implementing the BeyondCorp model without great expense and time.
The foundation of Zero Trust is identity and access management (IAM). Ensuring that the right people are accessing the right IT resources is critical. Traditionally, that has happened through the Microsoft® Active Directory® platform. But, in the world of BeyondCorp, there is no domain or perimeter to the network. The result is that a new generation of IAM solution is required.
IAM for Zero Trust Security
The good news is that a next generation cloud identity management platform, called JumpCloud® Directory-as-a-Service®, is helping organizations take their first step towards implementing the BeyondCorp security model. As a full-fledged directory service, Directory-as-a-Service starts off by authorizing users at the system level, propagating that authorization out to the user’s resources. By using a System-as-a-Gateway model, Directory-as-a-Service builds trust as users continue to use their passwords, multi-factor authentication (MFA), and securely authenticating to the network via RADIUS.
JumpCloud Directory-as-a-Service is available free for your first ten users, forever. Simply sign up and start your JumpCloud journey today. If you have questions about using Directory-as-a-Service for implementing BeyondCorp, you can contact us. You can also find more information by checking out our YouTube page or blog.