By Zach DeMeyer Posted March 8, 2019
It is apparent that traditional models of security have failed modern IT organizations. With breaches a frequent feature of the newscycle, locking down the network is critical. Many IT admins are starting to hear about the Zero Trust Security model and, with it, they are looking for an introduction to BeyondCorp™.
What is BeyondCorp?
BeyondCorp is an implementation model for Zero Trust Security created by Google. With Google’s intense focus on security, their globally distributed workforce and infrastructure, and cloud-forward nature, they were looking for a new security model. Whether they came up with their version of Zero Trust Security independently or not, Google’s BeyondCorp implementation is an approach worth studying.
What is Zero Trust Security?
But, before diving into the actual specifics of a BeyondCorp implementation, we should step back and understand why Zero Trust Security is important. The traditional approach to security was based on the concept of the perimeter, a collection of various layers of protection. When you were inside the perimeter, you were “safe” and everything outside the perimeter was unsafe. In order to access the safe network interior you either needed to be inside—on the domain—or you needed to VPN in to gain access.
Google realized long ago that this model was antiquated. Their business revolved around driving infrastructure to the cloud, and their globally dispersed workforce meant that it was difficult to have a centralized interior domain. So, they scrapped the whole approach and decided to start with the assumption that everything including people, systems, IT resources, networks, and more were all untrusted by default.
With everything untrusted, the BeyondCorp model then works to create trust through verifying identities, checking system configurations and settings, controlling access, and securing network connections. These approaches and more ensure that users can seamlessly and safely do work from anywhere in the world with any type of resources, regardless of its location and without VPNs. This was a breakthrough approach and really eliminated the concept of the network perimeter and, by consequence, the concept of the domain.
Dealing with Change
For most organizations, this approach is quite new and difficult because of the historical precedent set by Microsoft® Active Directory® Domain Services, VPNs, and the layered security model. But, as more IT resources shift to the cloud and away from Windows®-based infrastructure, the need for new technology to help support a Zero Trust Security implementation is critical. After all, the directory service is the core of authentication and authorization for an IT organization.
In order to address the heterogeneous changes facing IT environments, a new generation of directory services, available from the cloud, appeared to assist with the shift towards Zero Trust Security. This Directory-as-a-Service® allows IT admins to manage virtually all of the resources their end users leverage, regardless of their platform, protocol, provider, or location. With cross-platform Policies, IT admins using Directory-as-a-Service (DaaS) can enable multi-factor authentication (MFA), full disk encryption (FDE), and other key security measures across entire system fleets.
Beyond Zero Trust
While an introduction to BeyondCorp is a great place to start learning about implementing Zero Trust Security, take the first step towards implementing it in your organization and try JumpCloud® Directory-as-a-Service today. The cloud directory service includes ten users for free forever. Regardless of if you are a customer or not, you can contact us for support to learn more.